Deep Security 10.1 has reached end of support. Use the version selector (above) to see more recent versions of the Help Center.
Set up multi-factor authentication
The Deep Security Manager allows you the option to use multi-factor authentication (MFA). MFA is a method of access control requiring more than a user name and password that is recommended as a best practice.
In this article:
- Enable multi-factor authentication
- Disable multi-factor authentication
- Supported multi-factor authentication (MFA) applications
- Troubleshooting MFA
This article provides the information to allow you to set up MFA for your Deep Security accounts.
- In Deep Security Manager, select User Properties from the menu under your user name in the upper-right corner.
- On the General tab, click the Enable MFA button. This will open the Enable Multi-Factor Authentication wizard to guide you through the rest of the process.
- The first screen of the wizard will remind you to install a compatible virtual MFA application, such as Google Authenticator. For more information, see Supported multi-factor authentication (MFA) applications at the bottom of this article.
- If your device supports scanning QR codes, you can use your camera to configure your MFA application and click Next.
Otherwise, you can choose My device does not support scanning QR codes. Show secret key for manual time-based configuration.
- Enter the Authentication Code (without the space), for example: 228045.
- If the authorization code is correct, MFA will be enabled for your account and you will be required to enter a new MFA code each time you sign in.
- In the Deep Security Manager, select User Properties from the menu under your user name in the upper-right corner.
- On the General tab, click the Disable MFA button.
- Click OK on the confirmation screen to disable MFA.
- Your user properties screen displays with a note to indicate the changes to MFA. Click OK to close the screen.
The following smartphones and applications are actively supported for MFA. However, any application implementing an RFC 6238 compliant Time-base One-time Password Algorithm should work.
|Android||Google Authenticator, Duo|
|iPhone||Google Authenticator, Duo|
For what to do if you lose your MFA device, see What if my MFA device is lost or stops working?
If you have enabled MFA but can't login, see MFA is enabled but not working.