To protect your USM Anywhere account, enable multi-factor authentication (MFA)A method of access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge, possession, and inherence.. MFA adds extra security because it requires multiple factors to authenticateProcess used to verify the identity of a user, user device, or other entity, usually through a username and password. a user, making it more difficult for an unauthorized person to gain access to the account. In USM Anywhere, MFA provides a layered defense of two independent credentials: what you know (your user account name and password) and what you have (security token on your personal device).
To use multi-factor authentication in USM Anywhere, you must have a mobile device that supports an Authenticator app. AT&T Cybersecurity recommends the Google Authenticator app, which is available for iOS and Android devices. Google Authenticator implements two-step verification services using the Time-based One-Time Password (TOTP) algorithm and HMAC-based One-time Password Algorithm (HOTP) for authentication.
Before you set up MFA for your account, you must install the Authenticator app on your device.
To configure MFA for your account
- In the upper right corner of the USM Anywhere web UI, click the icon and select Profile.
- Select Enable Multi-Factor Authentication and click Save.
- Click the icon and select Logout.
- Click Login.
- On the login page, enter your user account/password and click Login.
- Open the Authenticator app on your device.
- Scan the QR code using the Authenticator app.
- Enter the one-time passcode in the text box of the USM Anywhere and click Verify Code and Login.
USM Anywhere displays the Multi-factor Authentication page to prompt you to complete your MFA configuration. The displayed page provides a unique QR code that is used by the Authenticator app to retrieve a verification code.
In the event that you lose or change your mobile device, there is a function to reset the MFA for your user account. Another user in your USM Anywhere environment can edit your user account to reset the QR code used to pair the device with your account.
To change your authentication device
- Go to Settings > Users.
- Click the icon of the user to which you want to reset the MFA account.
- Click Cancel.
A green message displays in the upper side of the page to inform you about the success of the MFA reset request.
After the reset, USM Anywhere displays the Multi-factor Authentication page at your next loginLog in (verb): Process in which an individual gains access to a computer system after providing sufficient credentials to authenticate their unique identity. Login (noun): User credentials, typically a username and matching password.. Follow the same steps to set up the authentication with the new device.