Multi-Factor Authentication Guide

Ryan Rich -

Enabling multi-factor authentication (MFA) is a straightforward process that adds another layer of security to your Datica account. To start, head to https://product.datica.com/account/mfa/activate.

Here you’ll be prompted for your email and password as well as which type of MFA you would like to enable. Datica currently supports two modes for generating One-Time Passwords (OTP): email and authenticator apps such as Google Authenticator. Type in your credentials and choose Email.

Screen_Shot_2017-09-25_at_1.05.01_PM.png

Once you click Activate, you will receive an OTP at the email address associated with your account. This code may take a minute or two to arrive. Once you receive your OTP, enter it at the displayed prompt.

Screen_Shot_2017-09-25_at_1.06.46_PM.png

For now, leave the Set as preferred checkbox checked. This is explained in the Preferred Mode section below. After entering the OTP and clicking Complete MFA Activation you will be shown a success notification. You'll also notice that you now have backup codes. Be sure to copy and store these in a safe place. These will help you regain access to your account in the event that you lose access to your MFA method.

backup-codes.png

You can now login with MFA!

Entering a One-Time Password (OTP)

After successfully enabling MFA, you will be prompted to enter an OTP on subsequent logins. Head to the dashboard to login. Enter your credentials and Submit.

You will be shown an area to enter your OTP along with the method of delivery so that you know exactly where to look.

Screen_Shot_2017-09-25_at_1.11.24_PM.png

Enter your OTP and click Submit. You’ve now successfully logged in with MFA enabled!

The CLI and MFA

Since version 3.6.0, the CLI fully supports MFA enabled accounts. The CLI will prompt you for your credentials every time your session token expires. When this occurs, you will be prompted for your email and password as well as an OTP if MFA is enabled. You’ll just need to enter the OTP received through email or generated through an authenticator app to complete the signin process.

$ datica environments list
Username or Email: example@datica.com
Password:
This account has two-factor authentication enabled.
Your one-time password (sent to your email):

Adding Additional Factors

Adding one factor is all that is required to enable MFA for your Datica account. However, we recommend enabling multiple factors in the event that access to a mobile device or email address is lost. This can be done by logging into the dashboard and navigating to your account settings. From there, you can enable another factor, disable any number of factors, or change your preferred mode by expanding the MFA section.

To enable the authenticator mode, click Enable and confirm the prompt.

enable_authenticator.png

You’ll be shown a screen to enter your credentials with the authenticator option already chosen.

Screen_Shot_2017-09-25_at_7.56.03_PM.png

Enter your credentials and submit. You will then be shown a QR code to scan with an authenticator app. Open your app, scan the QR code, and enter one of the OTPs generated.

Screen_Shot_2017-09-25_at_7.56.12_PM.png

Submitting this form will successfully enable your second form of MFA.

Preferred Mode

When multiple factors are enabled for your Datica account, only one of them is set as the preferred mode. When logging into a Datica product with MFA enabled, your preferred mode will be used to send an OTP (if applicable). When you login to the dashboard, you will be given the option to change the method that is being used only for that login attempt.

multiple_mfa_modes

However, the CLI does not support switching the mode used for a given login attempt and will always use your preferred mode. You can change your preferred mode by navigating to your account settings and clicking the Make Preferred button next to the mode you wish to be preferred.

MFA is Optional

Although MFA is optional, it is recommended to enhance the security of your Datica account.

Organization Enforcement

Although MFA is optional, organization owners are given the ability to require all members of their organization to have MFA enabled. To turn on this feature, as an organization owner login to the dashboard. After logging in, select the organization in the left-side navigation panel for which you want to enforce MFA.

Once you're on the "Information" tab for the selected organization you can click the "Require" button under the "MFA Required?" heading.

require_mfa.png

Troubleshooting

Having trouble getting MFA enabled? Check out our troubleshooting guide for help!