Two-Factor Authentication

The Users and User Groups Two-Factor Authentication Server Screen displays Two-Factor Authentication Status by User Role and is used to enable/disable Two-Factor Authentication for user login based on User Role. Two-Factor Authentication requires a user to enter an authentication code after entering their login/password to access OmniVista Cirrus. The authentication code is a time-based, 6-digit code that is generated using the Google Authenticator App.

When Two-Factor Authentication is enabled/disabled for a Role, the configuration is applied to all users assigned to that Role through their User Group. You cannot have different login settings for different users in a User Group. If a User Group has two Roles and one is enabled for Two-Factor Authentication while the other is not, the user will still be required to use Two-Factor Authentication to log in.

To enable/disable Two-Factor Authentication for a specific Role(s), select the role(s) in the User Role Table, click on the Enable or Disable button, then click OK at the Confirmation Prompt. The setting will be applied to all users assigned to that Role(s) through their User Group. To enable/disable Two-Factor Authentication for all Roles, click on the Enable Globally or Disable Globally button at the top of the screen, then click OK at the Confirmation Prompt. The setting will be applied to all users. Note that if a user is configured for Two-Factor Authentication, the user will receive an auto-generated email any time Two-Factor Authentication is enabled/disabled for the Role they are assigned to, informing them that Two-Factor Authentication has been enabled or disabled for their account.

Note: When you enable/disable Two-Factor Authentication, the setting is applied to all current users assigned to the affected Role(s), as well as future users that you create with that Role(s).

Two-Factor Authentication User Set Up and Login

This section details the steps required for a user to set up and use Two-Factor Authentication. Two-Factor Authentication uses the Google Authenticator App to generate a time-based, 6-digit code that must be entered in addition to a user’s login/password to log into OmniVista Cirrus.

The first time a user logs into OmniVista Cirrus after being configured for Two-Factor Authentication, they will be presented with a second login screen to set up Two-Factor Authentication using the Google Authenticator App. Once Two-Factor Authentication is set up, the user will be required to enter their username/login, and then the 6-digit code generated by Google Authenticator to log into OmniVista Cirrus.

The following sections detail the steps for initial user setup and login, as well as returning user login for Two-Factor Authentication.

First Time Two-Factor Authentication Setup and Login

Two-Factor Authentication uses the Google Authenticator App to generate a time-based, 6-digit code that is used to log into OmniVista Cirrus. To log into OmniVista Cirrus using Two-Factor Authentication, you must first download the Google Authenticator App to your phone. The steps below detail downloading the App, setting up the user account on Google Authenticator, and logging into OmniVista Cirrus.

1. Go to the Google Play App Store or the Apple App Store and download the Google Authenticator App to your phone.

2. After entering your login/password on the OmniVista Cirrus Login Screen, the following Two-Factor Authentication Screen will appear.

3. Open the Google Authenticator App on your phone and use your phone to scan the QR Code on the login screen into the App. Click on the + icon at the bottom of the Google Authenticator App Screen, then click on the Scan a QR Code option to bring up the camera. Hold the phone up to the screen to scan the QR Code on the login page. When the scan is complete, the following screen will appear in the Google Authenticator App.

When you scan the QR Code into the Google Authenticator App, the App sets up your account and stores your username (e.g., OV-2FA-johntest) and the URL of the machine you are logging into (fat31.ov.preprod.ovcirrus.com). As shown above, a 6-digit login code is displayed under your username and URL. Note that the code is good for 30 seconds. A countdown clock is shown to the right of the code. When the timer is close to expiring, the code numbers will turn red. When the countdown is complete, a new code will be displayed for 30 seconds.

Note: If you cannot scan the QR Code as described above, you can use the 16-digit key above the QR Code to set up your account in the Google Authenticator App. To enter this code, click on Enter a setup key instead of Scan a QR Code. Enter your Account (e.g., OV-2FA-johntest), enter the Key, then click on the Add button.

4. Enter the code for your user account into the TOTP Code Field on the OmniVista Cirrus Login Screen and click Verify to log into OmniVista Cirrus. If you have more than one user account set up in the Google Authenticator App, make sure you are entering the code for the correct account.

Note: If a User configured for Two-Factor Authentication is unable to successfully log in (e.g., unable to set up Two-Factor Authentication, repeatedly inputting an invalid authentication code), a warning message is presented to the user and the user is redirected to the login page. The User's "2FA State" will display "Verified" in the Existing Users Table on the User Management Screen. Select the User in the table, click on the Reset 2FA button at the top of the screen, then click OK at the Confirmation Prompt. The user will then be required to set up Two-Factor Authentication again.
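The time-based, 6-digit code described in the setup steps above can be reproduced and checked with the standard TOTP algorithm (RFC 6238). The following is an added example, not OmniVista Cirrus code: it assumes the Google Authenticator defaults (HMAC-SHA1, 30-second step, 6 digits) and an otpauth:// setup URI in the QR Code, and the function names, the drift window and the replay check are illustrative assumptions about how a server could verify a submitted code.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample: the RFC 6238 test secret in Base32, with the page's example
# account name and host. The product's real QR payload is not documented here.
SAMPLE_URI = ("otpauth://totp/OV-2FA-johntest"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&issuer=fat31.ov.preprod.ovcirrus.com")

def parse_setup_uri(uri):
    """Extract account label, issuer and Base32 secret from an otpauth URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP setup URI")
    q = parse_qs(u.query)
    return {"account": unquote(u.path.lstrip("/")),
            "issuer": q.get("issuer", [None])[0],
            "secret": q["secret"][0]}

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, 30 s step, 6 digits)."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, at, drift_steps=1, last_used_step=None, step=30):
    """Return the matching time step, or None if wrong, expired or replayed."""
    now = int(at) // step
    for s in range(now - drift_steps, now + drift_steps + 1):
        if last_used_step is not None and s <= last_used_step:
            continue                          # each time step is accepted at most once
        if hmac.compare_digest(totp(secret_b32, s * step, step), submitted):
            return s
    return None

if __name__ == "__main__":
    acct = parse_setup_uri(SAMPLE_URI)
    print(acct["account"], acct["issuer"], totp(acct["secret"], 59))
```

A server that stores the step returned by verify() as last_used_step rejects a code that is replayed within its 30-second validity, and a drift window of one step tolerates a phone clock that is slightly off.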

Returning User Two-Factor Authentication Login

Once you set up your user account in the Google Authenticator App as described above, log in using the 6-digit code provided by the Google Authenticator App.

1. After entering your OmniVista Cirrus login/password, the following screen will appear.

2. Open the Google Authenticator App on your phone. The app will open to the Login Code Screen displaying the current codes for any user account you have set up in the App.

3. Enter the code for your user account (e.g., OV-2FA-johntest - fat31.ov.preprod.ovcirrus.com) and click Verify to log into OmniVista Cirrus. If you have more than one user account set up in the Google Authenticator App, make sure you are entering the code for the correct account.

Note: If a User configured for Two-Factor Authentication is unable to successfully log in (e.g., repeatedly inputting an invalid authentication code), a warning message is presented to the user and the user is redirected to the login page. The User's "2FA Status" will display "Verify" in the Existing Users Table on the User Management Screen. Select the User in the table, click on the Reset 2FA button at the top of the screen, then click OK at the Confirmation Prompt. The user will then be required to set up Two-Factor Authentication again.

Two-Factor Authentication Table

The Two-Factor Authentication Table displays Two-Factor Authentication status for all configured User Roles. It can also be used to enable/disable Two-Factor Authentication for a Role(s). Select a Role(s) and click on the Enable or Disable button, then click OK at the Confirmation Prompt.