
Configure Multi-Factor Authentication for Administrators

Enable Multi-Factor Authentication

When you enable multi-factor authentication for a realm, it is turned on for all administrators in that realm. You must be a System Administrator to enable multi-factor authentication.

Procedure

To enable and configure multi-factor authentication settings, navigate to Administration > Multifactor Authentication.

  1. Use the slider to enable multifactor authentication.
  2. Select an authentication method. This is the method by which a verification code will be sent to the administrator, either Mobile SMS or Email.

    If you select Email, the configuration is finished, and you can click Save. ATP Cloud will use the email address already entered for each user. If you select Mobile SMS, continue to the next step.

    Note: A user is locked out of ATP Cloud for 1 hour if 4 verification codes have been sent without any being used (verified) to log in to ATP Cloud.

    Note: When you change the authentication method, any users who have been locked out due to too many verification code requests are all automatically unlocked. All counters that track the number of verification codes that have been sent are reset to zero when the authentication method is changed.

  3. Select an Expiration Interval. The options are:
    • Every time user logs in—User must enter a verification code for every login.

    • Every day—Multi-factor authentication is required every 24 hours. After going through the multi-factor authentication process once, only username and password are required to log in until 24 hours have passed.

    • Every week—Multi-factor authentication is required every 7 days. After going through the multi-factor authentication process once, only username and password are required to log in until 7 days have passed.

    • Month—Multi-factor authentication is required every 30 days. After going through the multi-factor authentication process once, only username and password are required to log in until 30 days have passed.

    Note: The user can select a check box on the Verify Identity screen to remember the code for the period of time selected above. If the user does not select the check box, she will have to go through the verification process again no matter what expiration interval is configured.

  4. Click Save.

Verification Codes for Multi-Factor Authentication: Mobile SMS

When Mobile SMS is set as the authentication method, the first time an administrator attempts to log in to the Juniper ATP Cloud Web UI (enters a username and password), a Verify Identity screen appears. Administrators must enter the following information in the Verify Identity screen:

Lockout Conditions: If an administrator does not receive the code, she can click the Send Code button again. The following security precautions apply to resend requests: after sending a code, ATP Cloud waits 60 seconds before it will send another. Once a user has requested a verification code 4 times without logging in to ATP Cloud, she is permanently locked out. In this case, the user must contact an administrator to remove the lock.

Verification Codes for Multi-Factor Authentication: Email

When Email is set as the authentication method, the first time an administrator attempts to log in to the Juniper ATP Cloud Web UI (by entering a username and password), a Verify Identity screen appears. Users must enter the following information:

If a user does not receive the code, she should check her spam folder. If it’s not there, she can click the Resend Code button. The following security precautions apply to resend requests: after sending a code, ATP Cloud waits 60 seconds before it will send another. Once a user has requested a verification code 4 times without logging in to ATP Cloud, she is locked out for 1 hour, meaning a new code cannot be requested for that amount of time.

Note: When Email is the MFA method, the one-hour lockout cannot be cleared. The user must wait the full hour before requesting another verification code.

Unlock a User

An SMS lockout can be removed by a system administrator who is logged into Juniper ATP Cloud.

Procedure

To remove the lockout:

  1. Navigate to Administration > Users and locate the locked out user.
  2. Select the check box to edit the user.
  3. The User Edit screen shows MFA Method and Mobile Number. Click the Reset mobile number link. This removes the lock and resets the code request counter to zero, allowing the user to step through the Verify Identity screen again.
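
The resend and lockout rules from the Mobile SMS, Email and Unlock a User sections, modelled as a small state machine. This is an added example for reasoning about and testing the policy, not Juniper's code; the names (MfaState, request_code, replay and so on) are hypothetical, the timestamps are constructed, and it assumes that an expired email lockout restarts the counter at zero. Successful logins are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

RESEND_WAIT = 60        # seconds ATP Cloud waits before sending another code
MAX_UNVERIFIED = 4      # codes sent without one being used to log in
EMAIL_LOCKOUT = 3600    # email lockout: 1 hour, cannot be cleared early

@dataclass
class MfaState:
    method: str = "email"               # "email" or "sms"
    sent: int = 0                       # unverified codes sent so far
    last_sent: Optional[float] = None
    locked_at: Optional[float] = None

    def clear(self) -> None:
        self.sent, self.last_sent, self.locked_at = 0, None, None

def request_code(s: MfaState, now: float) -> str:
    """Handle one Send Code / Resend Code click at time `now` (seconds)."""
    if s.locked_at is not None:
        # Email lockouts expire after an hour; SMS lockouts wait for an admin.
        # Assumption: expiry also restarts the counter at zero.
        if s.method == "email" and now - s.locked_at >= EMAIL_LOCKOUT:
            s.clear()
        else:
            return "locked"
    if s.last_sent is not None and now - s.last_sent < RESEND_WAIT:
        return "wait"
    s.sent, s.last_sent = s.sent + 1, now
    if s.sent >= MAX_UNVERIFIED:
        s.locked_at = now               # fourth unverified code sets the lock
    return "sent"

def admin_reset_mobile(s: MfaState) -> bool:
    """'Reset mobile number' on the User Edit screen: SMS lockouts only."""
    if s.method != "sms":
        return False
    s.clear()
    return True

def change_method(s: MfaState, method: str) -> None:
    """Changing the realm's method unlocks users and zeroes the counters."""
    s.method = method
    s.clear()

def replay(method: str, times: list) -> list:
    """Feed constructed request timestamps through a fresh state."""
    s = MfaState(method=method)
    return [request_code(s, t) for t in times]
```

Replaying the same request times under both methods shows the operational difference: an SMS lockout persists until an administrator resets the mobile number, while an email lockout clears only by waiting out the hour or by a change of authentication method.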
