Document information
Document ID: 8899
Subject: Syncrify Two-Factor Authentication
Creation date: 5/18/22 9:04 AM
Last modified on: 5/18/22 9:44 AM
Syncrify Two-Factor Authentication
Starting from version 5.4, Syncrify supports Two-Factor Authentication (2FA for short), which improves security by requiring a second form of identification besides the password.
2FA does not apply to Syncrify Client or to any backups; it applies only to the following two scenarios:
- The admin account accessing the admin console
- A user account attempting to log into Syncrify Server via a web-browser
Syncrify supports two mechanisms for 2FA:
- Email - The system generates a six-digit code and sends it by email to a designated address. The user must enter that code before continuing.
- Time-based one-time password (TOTP) - TOTP is an algorithm that computes a one-time password, which is typically displayed on a mobile device owned by the user. Examples of such apps are Google Authenticator and Microsoft Authenticator. These apps are available for Android as well as iOS devices.
Enabling 2FA for Users
When a non-admin user connects to Syncrify's web interface, they will see a link for Two-Factor Authentication towards the lower right-hand corner.
The following page allows the user to pick either TOTP or Email-based 2FA.
Note
2FA is only available for the admin account and user accounts when accessing the web interface of Syncrify server. It does not apply to using Syncrify Client, or any backups running from a client.
Using TOTP
Using TOTP requires that you install an app on your mobile device that supports this algorithm. Both Android and iOS have many such apps in their stores. Two such applications are Google Authenticator and Microsoft Authenticator.
Syncrify will display a QR code that can be scanned by the app on your mobile device. Scanning this code adds an entry on your device, which displays a 6-digit code that changes every 30 seconds.
Very Important
Since TOTP is a time-based algorithm, it is very important that the time on the machine is accurate. We strongly recommend synchronizing the machine time with a time server on the Internet.
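The clock dependence described above, shown as an added example that is not Syncrify's code: a minimal RFC 6238 TOTP generator and verifier in Python. It assumes HMAC-SHA1 (the default in common authenticator apps) and a hypothetical acceptance window of one step either side of the server clock; the window Syncrify actually uses is not stated on this page, and the secret and timestamps are constructed test values.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # code length, as stated on this page

def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // STEP)

def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept a code from any step within +/- window steps of the server clock."""
    current = server_time // STEP
    for counter in range(max(0, current - window), current + window + 1):
        if hmac.compare_digest(hotp(secret, counter), code):
            return True
    return False

def max_tolerated_skew(secret: bytes, phone_time: int, window: int = 1) -> int:
    """Seconds the server clock can run ahead before the phone's code is rejected."""
    code = totp(secret, phone_time)
    skew = 0
    while verify(secret, code, phone_time + skew + 1, window):
        skew += 1
    return skew

# Constructed sample values: the RFC 4226/6238 test secret and a test timestamp.
SECRET = b"12345678901234567890"
PHONE_TIME = 59  # one second before the 30-second step ends

if __name__ == "__main__":
    code = totp(SECRET, PHONE_TIME)
    print("code shown on phone:", code)
    for skew in (0, 20, 45, 120):
        ok = verify(SECRET, code, PHONE_TIME + skew)
        print(f"server clock ahead by {skew:>3}s -> accepted: {ok}")
    print("max skew, window=1:", max_tolerated_skew(SECRET, PHONE_TIME))
    print("max skew, window=0:", max_tolerated_skew(SECRET, PHONE_TIME, window=0))
```

In this constructed case the code generated at second 59 survives at most 30 seconds of server clock error with a one-step window, and none at all with a zero window.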
Enabling 2FA for the Admin Account
You can also enable 2FA for the admin account. The admin account can use the same two mechanisms as the users: Email-based and TOTP. To configure 2FA for the admin account, follow these steps while logged into your admin console:
- Navigate to Configuration then click on the Security tab.
- Click the link under the Admin Password field to manage 2FA for the admin account.
- Select a mechanism for 2FA.
Removing 2FA
If the user or admin still has access to their account, they can log in, navigate to the 2FA configuration page, and uncheck the Enabled checkbox.
Disabling 2FA If The User Cannot Access Their Account
If a user or admin does not have access to their 2FA code, or is locked out of the account, and you need to remove 2FA, follow these steps:
- Go to the machine that Syncrify is installed on.
- Navigate to the $INSTALL_DIR\config folder.
- Edit the TFARecs.dat file in a text editor.
- Remove the line that contains the user you need to disable.
- Restart the Syncrify service.