This article describes how to use Two Factor [2FA] with Google Authenticator for Admin Access.
Note! This process only works if Smartphone / Google Authentication time zone is similar to Firewall time zone. Please check the NTP and double check time and timezone for both the device and firewall.
Configuration Steps:
1. Enable Google Authentication on a specific admin user
Select a specific admin user and switch to the Two-factor Authentication tab.
Enable the checkbox Two-Factor Authentication for Admin Access.
In Two-factor Auth. Method, select "Google Authenticator". Click "Set up Google Authenticator" to start the setup.
2. Google Authenticator Setup
Download and install Google Authenticator on the corresponding app store of your mobile device.
Register the admin account to Google Authenticator.
Open the Google Authenticator App and scan the barcode on Web GUI.
Enter the token code displayed on the Google Authenticator and click “Verify code and finish” for verification.
The pop-up window message informs the verification result.
After 2FA registration is set up successfully, there are backup codes on web GUI.
The backup codes are for device login access in case you cannot access the application on your mobile device.
3. Configure valid time and login service types
Enable two factor authentication for admin access.
Configure valid time and select which services require two-factor authentication for admin user.
The valid time is the deadline that admin needs to submit the two-factor authentication code and get the access.
The access request is rejected when submitting the code later than the set valid time value.
By default, the valid time is set to 3 minutes.
VERIFICATION:
1. Login with the admin account "testadmin".
2. A pop-up window appears for administrator to enter the verification code.
3. Enter the code shown on Google Authenticator and click "Verify". You can also enter the backup code if you don’t have mobile device on hand.
4. Authorize with username, password and the token code successfully.