Configuring 2-step verification
2-Step verification adds another layer of security that requires not only a password and user name but also a verification code to sign in to the Access administrative portal. The verification code is generated by either Authenticator or Google Authenticator. You configure 2-step verification in the Ivanti Access administrative portal.
You can enable 2-step verification only for your account. You cannot enable 2-step verification for other administrators or vice versa. If 2-step verification is enabled, you are prompted to enter your credentials and the verification code to access Access account. If the verification code is not available, you cannot sign in to the Ivanti Access administrative portal.
•2-Step verification with Google Authenticator is supported on iOS and Android devices. 2-Step verification with Authenticator is supported only on iOS devices.
•If 2-Step verification fails, verify if your device is in sync with the local time
Before you begin
•Verify that you have created an Ivanti Access account.
•For iOS devices, verify that you have downloaded the Authenticator app or Google Authenticator app from iOS App Store .
OR
For Android devices, verify that you have downloaded the Google Authenticator app from Android Google Play Store.
Procedure
1. | In the Ivanti Access administrative portal, click Account Settings > 2-Step Verification. |
2. | Click the Off toggle. |
A Warning is displayed.
3. | To configure 2-step verification, click Continue, then Next. |
A QR code is displayed.
Figure 1. QR code for 2-step verification
4. | On your device, launch the authenticator app. |
5. | From the authenticator app, scan the QR code displayed in Ivanti Access. |
Alternately, for Google Authenticator only, click the Enter Time based Secret Key link to generate a secret key. Enter the generated secret key in Google Authenticator. The secret key is unique to every verification.
A 6-digit code is generated in the authenticator app.
6. | In the Ivanti Access administrative portal, click Next to enter the 6-digit code. |
Figure 2. Enter 6-digit code
7. | In Enable 2-Step Verification enter the 6-digit code. |
8. | Click Done. |
To verify whether 2-step verification is on or off, in Access, go to Settings > Admins. The 2-Step Verification column displays the status.
To generate a verification code for 2-step verification for signing in to Ivanti Access:
•If you are using Google Authenticator, launch the app.
•If you are using Authenticator, launch the app, and go to Settings > Admin OTP.
Disabling 2-Step Verification
Administrators can disable 2-step verification for their own account only. However, a Super Admin can disable 2-step verification for an Admin or Read Only Admin. If an administrator with Admin or Read Only Admin role loses their phone or has issues with 2-step verification, they can contact their Access Super Admin to reset 2-step verification for their account. If a Super Admin is not available, contact Ivanti Support. An email notification is sent to the administrator if a Super Admin or Ivanti Support disables 2-step verification for an account. However, email notification is not sent when administrators disable the 2-Step Verification for their own account. For more information about administrator roles, see Admins.
2-Step verification can be disabled from Account Settings > 2-Step Verification in the admin portal.
Before you begin
•Verify that 2-Step Verification is enabled.
Procedure 1
1. | In the Access administrative portal, go to Account Settings > 2-Step Verification. |
2. | Click the toggle to change the setting to OFF. |
Procedure 2
1. | In the Access administrative portal, click Settings > Admins. |
2. | Click the toggle in the 2-Step Verification column for your account to change the setting to OFF. |
This method is not available to administrators with Read-only permission.
Signing out of the Ivanti Access administrative portal
If you do not sign out, the session will timeout in 30 minutes.
Procedure
1. | In the Ivanti Access administrative portal, click Account Settings > Sign Out. |
When you sign in to Access again, launch an authenticator app and generate a verification code. You will be prompted to enter the verification code in addition to your username and password.