Products: AS-B, Edge Server, Enterprise Central, Enterprise Server, AS-P, WorkStation, Virtual Project Servers, WebStation
Functionalities: Security
Product version: 7.0
12/19/2024

Require Members of a User Group to use Multi-factor Authentication

You require members of a user group to use multi-factor authentication to increase the security of your system.


You can use multi-factor authentication to increase the security in your system.

Pre-requisites
  • The domain controller for the EcoStruxure Building Operation domain must be online.

  • Multi-factor authentication can only be used over HTTPS.

  • The time on the EcoStruxure Building Operation server must be synchronized with the device that runs the authenticator. However, the device and the EcoStruxure Building Operation server can be in different time zones.

Supported authentication apps

The authenticator app must support RFC6238 TOTP (Time-Based One-Time Password).

Verified authenticator apps are:

  • Google Authenticator

  • Microsoft Authenticator

Supported clients

Multi-factor authentication is supported by:

  • WorkStation

  • WebStation

Do not use multi-factor authentication on the local admin account on a field server. The local admin account is used in the communication with Device Administrator. Device Administrator does not support multi-factor authentication and the communication will fail.

User group level

Multi-factor authentication is set on a user group level.

For more information, see Require Members of a User Group to use Multi-factor Authentication.

Clear a user's multi-factor authentication key

If a user has, for example, lost or replaced the device that runs the multi-factor authenticator, you can let the user re-pair the multi-factor authentication with the new device. To be able to do this you must clear the user's authenticator key.

Failing log on attempts

If the user tries to log on with incorrect multi-factor authentication, the attempt counts as a failed log on attempt and is written to the Event log.

To require members of a user group to use multi-factor authentication
  1. In WorkStation, in the System Tree pane, select the EcoStruxure BMS server you want to configure.

  2. Click the Control Panel tab.

  3. Click Account management.

  4. In the Domain list, select the domain.

  5. In the User Account Groups list, select the user account group.

  6. Click Policies.

  7. Select Require multi factor authentication.

  8. Click Save.

  • Multi-factor Authentication
  • Multi-Factor Authentication Pairing Dialog Box
  • User Account Group – Policies Tab
  • Clearing a User's Multi-factor Authentication Key