Matrix42 Self-Service Help Center

Multifactor Authentication for System Users

Overview

To enhance the security of the Management Console, Multi-Factor Authentication (MFA) can be used. This additional layer of security ensures that administrators must verify their identity beyond just using a password, reducing the risk of unauthorized access. In this guide, we will walk you through the necessary steps to enable and configure MFA, explain the available authentication methods, and provide insights into key settings that allow you to customize the MFA experience based on your organization’s security requirements. Please note that multi-factor authentication only applies to Local and Active Directory system users. System users that are created via identity providers do not have native MFA in Silverback, as this can be implemented via the identity provider.

Requirements

  • Silverback 25.0

One Time Password Methods

  • SMS
  • E-Mail

Activation Options 

You have the flexibility to define how Multi-Factor Authentication (MFA) is enabled for system users accessing the Management Console. You can either enforce MFA by default for all users or allow users to activate it at their discretion. This section outlines both options and their configuration steps.

Self-Enablement for System Users

  • Open your Silverback Management Console
  • Log in as Administrator
  • Press the Settings icon next to your username at the top right
  • Enable the MFA option
  • Press Save
  • Confirm with OK
  • Now press Log Out at the top right
  • Log in again with your credentials
  • You will be forwarded to the Multi-Factor Authentication Management

Enforced Multifactor Authentication for all System Users

  • Open your Silverback Management Console
  • Log in as Settings Administrator
  • Under General, locate the Multi-Factor Authentication section
  • Change Enforce Multi-Factor Authentication to Enabled
  • Press Save
  • Wait until the changes are applied
  • Confirm with OK
  • Now press Log Out at the top right
  • Now try to log in again as Settings Administrator
  • You will be forwarded to the Multi-Factor Authentication Management

Multi-Factor Authentication Management

Once a system user has enabled MFA themselves, or the Settings Administrator has activated the Enforce MFA method, all system users who have not yet stored an MFA method will be redirected to the Multi-Factor Authentication page when they attempt to log in to the Management Console.


Add your Multi-Factor Authentication Methods

Starting from the Multi-Factor Authentication Management, you can add multiple Phone Numbers or E-Mail addresses.

Add Phone

  • Press Add Phone
  • Enter your phone number in the following format: +491741234567
  • Press Add
  • You should receive an SMS containing your Matrix42 Silverback One-Time Password
  • Before entering the One-Time Password, press Resend and review the information
    • One-Time Passwords are valid for 3 minutes (180 seconds) and can only be resent 30 seconds prior to expiration
  • Now enter your One-Time Password in the Verify OTP pop-up
  • Press Verify
  • Your first added method is now the default one
  • Under Actions, you now see the Deactivate and Delete options
  • For testing purposes, press the Deactivate action and review the status change
  • Enable it again

Add E-Mail

  • Press Add E-Mail
  • Now enter your E-Mail address
  • Press Add
  • The verify OTP pop-up will appear
  • Review your e-mails and copy the One-Time Password
  • Enter the One-Time Password in the verify OTP pop-up
  • Press Verify
  • Review the verified status and the newly appeared star icon. By pressing this icon, you can switch your default method

Add additional methods (optional)

  • Repeat the steps to add a further phone number or e-mail address as an additional backup

Login with MFA

  • After adding your phone and/or e-mail address (we recommend enabling both) in the Multi-Factor Authentication Management, press the Login button
  • You will be forwarded to the Management Console
  • Enter your username and password again and press Sign In
  • Now the Multi-Factor Authentication starts and you should receive your One-Time Password via your default method
  • Before entering your One-Time Password, press Resend twice and remember the resending period mentioned earlier
  • Now select another method and press Resend twice; you will see that the One-Time Password arrives quickly
  • If you now try to resend it to the same method again, the counter for the resending period kicks in again
  • Now it's time to enter your most recently generated OTP and press Sign In
  • If you now see One-time password is invalid or outdated, send an SMS to your phone again, enter the OTP, and press Sign In
  • You should now be successfully logged in

Edit your own MFA Methods

  • After logging in, press the Settings icon next to your username at the top right
  • Press Edit next to the Enable MFA checkbox
  • You will be forwarded to the Multi-Factor Authentication Management
  • Change and adapt your methods, then press Login again to validate your changes

Review MFA for Others

  • Open the Management Console and log in as Administrator
  • Navigate to Admin
  • Select User Management
  • Locate the account with which you are currently logged in 
    • Review the Enable MFA checkbox
      • If MFA is not enforced, you can enable or disable MFA from here only for your own account
      • If MFA is enforced, you can't change the option 
    • Look down and locate the Multi-Factor Authentication section 
      • Here you can review the Methods that you added to your account
  • Select User Management again and edit any other user
    • The Enable MFA option will be read-only and you can review the MFA methods other users have activated and/or verified

Customize Messages

To conclude this guide, we would like to introduce the option of modifying the messages that are sent. 

  • Open the Management Console and log in as Settings Administrator
  • Under General, locate the Multi-Factor Authentication section
  • Here you can modify the content of the SMS and the subject and content of the e-mail, but make sure to include the {otp} placeholder in the content section(s).
  • Press Save, wait until the changes are applied, confirm with OK and Log Out
  • Now log in again and review your changes.
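
A pre-save check for the customized messages described above, as an added example that is not part of Silverback or of the original guide. It flags a missing or mistyped {otp} placeholder and goes one step beyond the page by checking that the rendered SMS still fits a single message. The 6-digit sample OTP, the list of look-alike tokens and all function names are assumptions.

```python
import re

PLACEHOLDER = "{otp}"   # literal token the page says must appear in the content
SAMPLE_OTP = "123456"   # assumption: 6 digits, replace with the length you receive
# Look-alike tokens that are not the literal placeholder (assumed typo list).
TOKEN = re.compile(r"\{\{\s*otp\s*\}\}|\{\s*otp\s*\}|\[\s*otp\s*\]|<\s*otp\s*>|%otp%", re.I)
# GSM 03.38 default alphabet; extension characters cost two septets each.
GSM7 = set("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ ÆæßÉ!\"#¤%&'()*+,-./0123456789:;<=>?¡"
           "ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà")
GSM7_EXT = set("^{}\\[~]|€")


def sms_units(text):
    """Return (units_used, single_message_limit) for a rendered SMS body."""
    if all(c in GSM7 or c in GSM7_EXT for c in text):
        return sum(2 if c in GSM7_EXT else 1 for c in text), 160
    return len(text.encode("utf-16-be")) // 2, 70   # UCS-2 fallback


def lint_field(name, text, needs_otp):
    """Check one template field and return a list of findings."""
    found = [m.group() for m in TOKEN.finditer(text)]
    exact = found.count(PLACEHOLDER)
    findings = [f"{name}: '{t}' is not the literal {PLACEHOLDER}"
                for t in found if t != PLACEHOLDER]
    if needs_otp and exact == 0:
        findings.append(f"{name}: {PLACEHOLDER} missing, message would carry no code")
    if not needs_otp and exact:
        findings.append(f"{name}: {PLACEHOLDER} outside the content section")
    return findings


def lint_templates(sms, mail_subject, mail_body):
    """Lint the three editable fields named in the guide."""
    findings = (lint_field("SMS content", sms, True)
                + lint_field("E-mail subject", mail_subject, False)
                + lint_field("E-mail content", mail_body, True))
    used, limit = sms_units(sms.replace(PLACEHOLDER, SAMPLE_OTP))
    if used > limit:
        findings.append(f"SMS content: {used} units exceeds one message ({limit})")
    return findings


if __name__ == "__main__":
    # Constructed templates, not Silverback defaults.
    for finding in lint_templates("Your Silverback code: {OTP}", "Login code {otp}",
                                  "Your One-Time Password is {otp}. Valid for 3 minutes."):
        print(finding)
```

The subject check reflects that the guide names only the content section(s) as the place for {otp}; whether the console substitutes it elsewhere is not stated on the page.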