Concept
Multi-factor Authentication
You can use multi-factor authentication to increase the security in your system.
The domain controller for the EcoStruxure Building Operation domain must be online.
Multi-factor authenticator can only be used over https.
The time on the EcoStruxure Building Operation server must be synchronized with the device that runs the authenticator. However, the device and the EcoStruxure Building Operation server can be in different time zones.
The authenticator app must support RFC6238 TOTP (Time-Based One-Time Password).
Verified authenticator apps are:
Google Authenticator
Microsoft Authenticator
Multi-factor authentication is supported by:
WorkStation
WebStation
Do not use multi-factor authentication on the local admin account on a field server. The local admin account is used in the communication with Device Administrator. Device Administrator does not support multi-factor authentication and the communication will fail.
Multi-factor authentication is set on a user group level.
For more information, see Require Members of a User Group to use Multi-factor Authentication .
If a user has, for example, lost or replaced the device that runs the multi-factor authenticator, you can let the user re-pair the multi-factor authentication with the new device. To be able to do this you must clear the user's authenticator key.
If the user tries to log on using wrong multi-factor authentication, the log on counts as a failed log on attempt and is written in the Event log.
Security Overview
Require Members of a User Group to use Multi-factor Authentication
Clearing a User's Multi-factor Authentication Key
Multi-factor Authentication Dialog Box
Multi-Factor Authentication Pairing Dialog Box