Document information

Document ID: 8899
Subject: Syncrify Two-Factor Authentication
Creation date: 5/18/22 9:04 AM
Last modified on: 5/18/22 9:44 AM


Syncrify Two-Factor Authentication

Starting from version 5.4, Syncrify supports Two-Factor Authentication (2FA for short), which improves security by requiring a second form of identification besides the password.

The use of 2FA does not apply to Syncrify Client's or any backups, it only applies to the following two scenarios:

  • The admin account accessing the admin console
  • A user account attempting to log into Syncrify Server via a web-browser

Syncrify supports two mechanisms for 2FA:

  • Email - The system will generate a six-digit code sent via email to a designated address. User must enter that code before continuing.
  • Time-based one-time temporary password (TOTP) - TOTP is an algorithm that computes a one-time password, which is typically displayed on a mobile device owned by the user. Examples of such apps are Google Authenticator and/or Microsoft Authenticator. These apps are available for Android as well as iOS devices.

Enabling 2FA for Users

When a non-admin user connects to Syncrify's web interface, they will see a link for Two-Factor Authentication towards the lower right-hand corner. The following page will allow the user to pick either TOTP or Email based 2FA.

Note

2FA is only available for the admin account and user accounts when accessing the web interface of Syncrify server. It does not apply to using Syncrify Client, or any backups running from a client.
Using TOTP
Using TOTP requires you install an app on your mobile device that supports this algorithm. Both Android and iOS have many apps on their store that can be used. Two such applications are Google Authenticator and Microsoft Authenticator.

Syncrify will display a QR Code that can be scanned by the app on your mobile device. Scanning this code will add an entry on your device and will display a 6-digit code that will change every 30 seconds.

Very Important

Since TOTP is a time-based algorithm, it is very important the time on the machine is accurate. We strongly recommend synchronizing the machine time with a time server on the Internet.

Enabling 2FA for the Admin Account

You can also enable 2FA for the admin account. The admin account can use the same two mechanisms as the users, Email based and TOTP. To configure 2FA for the admin account follow these steps while logged into your admin console:

  • Navigate to Configuration then click on the Security tab.
  • Click the link under the Admin Password field to manage 2FA for the admin account.
  • Select a mechanism for 2FA.

Removing 2FA

If the user or admin still have access to their accounts, they can log in and navigate to the 2FA configuration page and uncheck the Enabled checkbox.

Disabling 2FA If The User Can Not Access Their Account

If a user or admin does not have access to their 2FA code, or is locked out of the account, and you need to remove 2FA follow these steps:
  1. Go to the machine that Syncrify is installed on.
  2. Navigate to $INSTALL_DIR\config folder.
  3. Edit the TFARecs.dat file in a text-editor.
  4. Remove the line that contains the user you need to disable.
  5. Restart the Syncrify service.




Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users?

Important: This area is reserved for useful tips. Therefore, do not post any questions here. Instead, use our public forums to post questions.

Navigation

Social Media

Powered by 10MinutesWeb.com