Configuring multi-factor authentication policies
To control the behavior of multi-factor authentication, configure the multi-factor authentication policy settings on the Security Policies landing page.
- In the Dev Studio header, click .
- In the Multi-factor authentication policies (using one-time password) section, configure the following required fields:
  - In the Maximum one-time password failure attempts list, select a value between 1 and 3 to set the number of failed login attempts that your application allows before the one-time password becomes invalid and another one-time password must be generated. Setting a lower value helps prevent brute-force attacks.
  - In the Maximum age of one-time password token in seconds field, enter the length of time from when the token is generated to when the user must verify it with your application. The maximum age of the one-time password token must be less than the short-lived requestor timeout period, which is defined in minutes in the prconfig setting timeout/requestor/shortlived, and which defaults to 1 minute. If you set the maximum age to be greater than one minute, you must increase the timeout/requestor/shortlived setting.
  - In the Validity of one-time password confirmation in minutes field, enter how long a user can work in a single session before being logged out.
- Define an email account, SMS account, or both to send the one-time password to users:
  - In the Email account from which one-time password needs to be sent field, press the Down arrow key, and then select the name of an email account.
  - Optional: To configure an email account, click the Add icon. For more information, see Configuring outbound email in Dev Studio.
  - In the SMS account from which one-time password needs to be sent field, press the Down arrow key, and then select the name of an SMS account.
  - To configure an SMS account, click the Add icon. For more information, see Creating an SMS account.
- Click Submit.
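
The token age is entered in seconds while timeout/requestor/shortlived is set in minutes, so the two are easy to get out of step. The following check is an added example, not product code: it assumes prconfig.xml entries of the form `<env name="..." value="..."/>`, takes the policy values as plain arguments, and uses hypothetical function names and constructed sample fragments.

```python
import xml.etree.ElementTree as ET

SETTING = "timeout/requestor/shortlived"
DEFAULT_SHORTLIVED_MINUTES = 1  # default stated on this page


def shortlived_timeout_seconds(prconfig_xml: str) -> int:
    """Return the shortlived requestor timeout in seconds.

    Falls back to the 1-minute default when the setting is absent.
    """
    root = ET.fromstring(prconfig_xml)
    minutes = DEFAULT_SHORTLIVED_MINUTES
    for env in root.iter("env"):
        if env.get("name") == SETTING:
            minutes = int(env.get("value"))
    return minutes * 60


def check_otp_policy(max_failures: int, max_age_seconds: int,
                     prconfig_xml: str) -> list[str]:
    """Return a list of findings; an empty list means the policy is consistent."""
    findings = []
    # The page allows 1 to 3 failed attempts before the OTP is invalidated.
    if not 1 <= max_failures <= 3:
        findings.append(f"max failure attempts {max_failures} is outside 1-3")
    if max_age_seconds <= 0:
        findings.append("OTP token max age must be a positive number of seconds")
    # The token age (seconds) must be strictly less than the timeout (minutes).
    limit = shortlived_timeout_seconds(prconfig_xml)
    if max_age_seconds >= limit:
        findings.append(
            f"OTP token max age {max_age_seconds}s is not less than "
            f"{SETTING} ({limit}s); raise the timeout or lower the max age"
        )
    return findings


# Constructed sample prconfig.xml fragments (not taken from a real system).
PRCONFIG_DEFAULT = "<pegarules><env name='example/other/setting' value='x'/></pegarules>"
PRCONFIG_RAISED = "<pegarules><env name='timeout/requestor/shortlived' value='5'/></pegarules>"

if __name__ == "__main__":
    for label, cfg in (("default", PRCONFIG_DEFAULT), ("raised", PRCONFIG_RAISED)):
        print(label, check_otp_policy(3, 120, cfg) or "OK")
```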