Introduction
Multiple mechanisms are used for user authentication and data security.
Note
As a policy, enable two-factor authentication.Two-Factor Authentication (TFA) provides secured login through a passcode. Secured login is ensured by using multiple levels of security. For example, to log into Opsramp, a user account must have TFA enabled and then activated using one of the following mechanisms:
- FIDO U2F: U2F is an open authentication standard that enables internet users to securely access any number of online services with one single security key instantly and with no drivers or client software needed. For more information, see .
- TOTP: TOTP (Time-based One-Time Password algorithm) is an extension of the HMAC-based One-time Password algorithm (HOTP) generating a one-time password by instead taking uniqueness from the current time.
- YubiKey: YubiKey is a hardware authentication device manufactured by Yubico that supports one-time passwords, public-key encryption and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance.
Note
The administrator can also identify the owner of a lost two-factor key. For more information, view Look Up Two-Factor Key
An integration of third-party tools can be performed to retrieve user authentication. The SSO service provider can authorize secure access using the Single Sign-On feature.
Scenarios
Implement 2F for all clients
An organization wants every user logging into OpsRamp as a client user to use two-factor authentication.
Solution:
To enable two-factor authentication across a client, log into OpsRamp with administrator credentials.
Implement 2F for all partners
An organization wants every user logging into OpsRamp as a partner user to use two-factor authentication.
Solution:
To enable and activate two-factor authentication across all partner users,
log into OpsRamp with partner administrator credentials.