You can configure secure login to the ADManager Plus console by configuring two factor authentication (TFA). If TFA is enabled for ADManager Plus, technicians need to authenticate twice--first by entering their credentials and then by another method as enabled by the admin--to log in to the ADManager Plus console. However, the ADManager Plus default admin account is allowed to skip TFA. ADManager Plus allows TFA to be performed through authentication services such as Duo Security, Google Authenticator, RSA SecurID, or one time password (OTP) via email.
Steps to configure TFA in ADManager Plus
1. Logon to ADManager Plus and click the Delegation tab.
2. Under the Configuration section, click on Logon Settings.
3. Click on the Two Factor Authentication tab.
4. Enable the Two Factor Authentication is option. Select any of the following authentication service for TFA:
Duo Security
Login to your Duo Security account, and navigate to the Applications section in the left pane.
Click on the Protect an Application option.
Search for Web SDK and click on Protect this Application.
Copy the Integration Key, Secret Key, and API Hostname, and past it in the ADManager Plus console.
Click Save.
Google Authenticator
Select the Enable Google Authenticator option.
Click Save.
During ADManager Plus login, enter the code generated by the Google Authenticator app in your smartphone, in addition to your user name and password. Click here for more details.
One time password via email
In order to receive OTP via email, you need to configure the email server settings in the product. For this:
Navigate to the Admin tab.
Click on the Server option under General Settings.
Enter the Admin mail address. Test the settings using the Send Test Mail option
Click the Save Changes option.
Under the One time password via email section of the Delegation tab, enter the subject of the OTP mail.
Enter the content of the email using macros.
Click Save.
RSA Authenticator
Logon to your RSA admin console.
Click on Access, click Authentication Agents, and click Add New.
Add ADManager Plus server as an authentication agent and click Save.
Go to Access, click on Authentication Agents, and click Generate Configuration File.
Download AM_Config.zip (Authentication Manager config).
Extract sdconf.rec from the zip to <installation-dir>/bin location. If a file named securid exists, copy it too.
In the ADManager Plus console, select the Enable RSA Authenticator option.
Click Save.