The CE-API also supports Multi-Factor Authentication (MFA). With MFA enabled, end-users must also provide a Time-based One-Time Password (TOTP) during the authentication flow, after their username and password combination has been accepted. NET2GRID supports TOTP tokens generated by authenticator apps such as Google Authenticator, Twilio, LastPass, etc. This flow adds an extra security layer on top of the username and password, since authentication becomes a two-step process.

Enable MFA

To enable MFA, end-users start by calling the /mfa/enable endpoint to initiate the MFA setup process.

This endpoint returns a secret code that the client app can display as text or encode into a QR code for the authenticator app to scan:

{
  "status": "ok",
  "data": {
    "secret_code": "5G5CNH5AFODUNIUKXA7MXAO7S5LXJPFDG5PMPOJLMCXL6LZ2HSXQ"
  }
}

To finish the MFA setup, end-users verify the TOTP token generated by their authenticator app via /mfa/verify-software-token, providing both the access token and the TOTP token. If the TOTP token is correct, MFA setup is complete. From then on, end-users must provide their TOTP token to complete their login.
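The enrolment flow above hands the client a bare base32 secret and leaves the rest to the authenticator app and the verification endpoint. The following is an added example (not NET2GRID's code, and not a description of how the CE-API implements /mfa/verify-software-token internally) showing the two halves a practitioner usually wants to see: how the secret_code from the sample response is turned into a scannable otpauth provisioning URI, and how a verifier checks a submitted TOTP token per RFC 4226/6238. It assumes the defaults authenticator apps apply to a bare secret (HMAC-SHA1, 30-second step, 6 digits) and a one-step skew window; the issuer and account names are placeholders, and the sample secret is the one printed in the response above.

```python
"""TOTP enrolment and verification helpers (added example, RFC 4226 / RFC 6238).

Assumptions, not stated by the CE-API docs: HMAC-SHA1, 30-second time step,
6-digit codes, and a +/-1 step tolerance window on the verifying side.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import quote

# secret_code taken from the sample /mfa/enable response shown on this page.
SAMPLE_SECRET_CODE = "5G5CNH5AFODUNIUKXA7MXAO7S5LXJPFDG5PMPOJLMCXL6LZ2HSXQ"


def decode_secret(secret_code: str) -> bytes:
    """Base32-decode the secret; the API returns it without '=' padding."""
    padded = secret_code.upper() + "=" * (-len(secret_code) % 8)
    return base64.b32decode(padded)


def provisioning_uri(secret_code: str, account: str, issuer: str) -> str:
    """Build the otpauth:// URI that a client encodes into the QR code.

    `account` and `issuer` are placeholders chosen by the integrating app.
    """
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_code}"
            f"&issuer={quote(issuer)}&algorithm=SHA1&digits=6&period=30")


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(key, timestamp // step, digits)


def verify_totp(key: bytes, token: str, timestamp: int, window: int = 1,
                last_counter: Optional[int] = None, step: int = 30,
                digits: int = 6) -> Optional[int]:
    """Return the time-step counter the token matched, or None if rejected.

    Tokens are accepted within +/- `window` steps to absorb clock skew, compared
    in constant time, and refused if their step is not newer than
    `last_counter` (the step of the last accepted token), which blocks replay
    of a code within its validity period.
    """
    if len(token) != digits or not token.isdigit():
        return None
    counter = timestamp // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if last_counter is not None and candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(key, candidate, digits), token):
            return candidate
    return None


if __name__ == "__main__":
    key = decode_secret(SAMPLE_SECRET_CODE)
    print(provisioning_uri(SAMPLE_SECRET_CODE, "user@example.com", "ExampleIssuer"))
    now = int(time.time())
    token = totp(key, now)
    print("current token:", token, "accepted at step:", verify_totp(key, token, now))
```

Storing the counter returned by verify_totp alongside the user record and passing it back as last_counter on the next attempt is what turns a plain TOTP check into one that rejects a reused code; the skew window should stay small (one step each way) because every extra step widens the set of codes an online guesser gets to match against.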

Disable MFA

MFA can be disabled at any time by using /mfa/disable.