Enabling multifactor authentication in IBM Spectrum Control

Enable multifactor authentication in IBM Spectrum® Control to require multiple pieces of information when users log in. You must have the Administrator role in IBM Spectrum Control to enable multifactor authentication.

Before you begin

Before you enable multifactor authentication in IBM Spectrum Control, complete the following tasks:

Configure IBM Security Verify for use with IBM Spectrum Control. For more information, see Configuring multifactor authentication with IBM Security Verify.
Add IBM Spectrum Control users to IBM Security Verify.
Important: Any users that are not added will be unable to log in to IBM Spectrum Control after multifactor authentication is enabled. For more information, see Adding IBM Spectrum Control users to IBM Security Verify.
If you use a proxy server for communicating outside your network, gather information about its hostname and port.
Ensure that you are assigned the Administrator role in IBM Spectrum Control. For more information, see Role-based authorization.

Procedure

To enable multifactor authentication in IBM Spectrum Control, complete the following steps:

Log in to the IBM Spectrum Control GUI.
In the menu bar, go to Settings > User Management.
On the User Management page, click Edit Authentication.
On the Authentication Configuration page, click Next.
Select the Enable Multifactor Authentication check box.
To help connect IBM Spectrum Control to IBM Security Verify, complete the following steps to export a certificate and import it into IBM Security Verify:
1. Click Export Certificate.
2. Save the certificate file to a local device.
  
  When you export the certificate, an alias is displayed on the Authentication Configuration page. Remember that alias so that you can enter it later when you import the certificate to IBM Security Verify.
3. Access the IBM Security Verify administrator dashboard by entering the following URL in a web browser:
```
https://tenant.verify.ibm.com/ui/admin
```
  Where tenant is the name of the tenant that you specified when you created your subscription, such as bankxyz. For example, https://bankxyz.verify.ibm.com/ui/admin.
4. In IBM Security Verify, select Security > Certificates.
5. Click Add signer certificate.
6. On the Add signer certificate page, select Add file and navigate to where you exported the certificate on your device.
7. Select the certificate and click Open.
8. In Friendly name, enter the alias that was displayed when the certificate was exported in step b.
9. Click OK.
10. Return to the Authentication Configuration page in IBM Spectrum Control.
In the Settings for IBM Security Verify section, enter the following information:

Proxy server (Optional)

If you use a proxy server within your network to communicate externally, enter its host name or IP address and port number (hostname:port), such as 198.51.100.22:8080.

Tenant name

The name of the tenant that was created for IBM Security Verify, such as tenant.verify.ibm.com. Where tenant is the name that is associated with your company or organization. For example, bankxyz.verify.ibm.com.

Client ID

The ID that was assigned to IBM Spectrum Control when you added it as an application to IBM Security Verify.

Client secret

The secret that was assigned to IBM Spectrum Control when you added it as an application to IBM Security Verify.
Click Finish.

What to do next

Each IBM Spectrum Control user must log in to IBM Security Verify and select the second-factor authentication that they want to use. For more information, see Selecting a second factor of authentication in IBM Security Verify.