Require multifactor authentication for administrators

Starting with IBM Spectrum® Protect 8.1.14, you can require server administrators to use multifactor authentication (MFA). MFA provides an extra layer of protection by requiring administrators to use a password and a time-based one-time password (TOTP) to sign in.

Multifactor authentication (MFA) can be enabled on both the new and existing administrator accounts. To use this feature, your administrators must install an RFC 6238 supported security application on their mobile devices or workstations. The security application generates a time-based one-time password (TOTP) that is used during the sign-in process.

After an administrator account is successfully set up with MFA, the account can be accessed only by specifying the password and a TOTP passcode. The additional layer of protection authorizes only the rightful owner to access the account.