Using Google Authenticator and Time-based One-Time Passwords

This tutorial provides instructions for enabling Time-based One-Time Passwords (TOTP) for users and for logging in with an authenticator app.

Time-based One-Time Passwords provide GoAnywhere MFT users the ability to use Google Authenticator or other authenticator apps to generate a one-time password to log in to the Admin and Web Client interfaces. When enabled, the login page will display a QR code that the user must scan with the Google Authenticator app on a mobile device. Once scanned, GoAnywhere stores the user's secret key on their profile. Each subsequent time the user logs in, they must provide a new one-time use password to GoAnywhere using the authenticator application.
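To make the enrollment and login flow above concrete, the following is an added example, not GoAnywhere MFT code. It assumes the standard Google Authenticator conventions: an otpauth:// key URI inside the QR code and RFC 6238 codes with HMAC-SHA1, 30-second steps and 6 digits. The secret, account name, display name and function names are constructed for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote, urlencode

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def provisioning_uri(secret_b32, account, display_name):
    """Key URI a QR code carries at enrollment; display_name is the issuer shown in the app."""
    label = quote(f"{display_name}:{account}")
    params = urlencode({"secret": secret_b32, "issuer": display_name}, quote_via=quote)
    return f"otpauth://totp/{label}?{params}"

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 code for the time step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, unix_time, last_used_step=-1, window=1, step=30):
    """Server-side check. Returns the matched time step, or None.

    Accepts +/- `window` steps of clock drift and refuses any step at or
    before `last_used_step`, so a code cannot be replayed once accepted.
    """
    current = int(unix_time) // step
    for s in range(max(0, current - window), current + window + 1):
        if s <= last_used_step:
            continue
        expected = totp(secret_b32, s * step, step)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return s   # caller stores this as the user's new last_used_step
    return None

if __name__ == "__main__":
    print(provisioning_uri(SAMPLE_SECRET, "alice", "Example MFT Web Client"))
    code = totp(SAMPLE_SECRET, 59)
    step_used = verify(SAMPLE_SECRET, code, 59)
    print(code, "accepted at step", step_used)
    print("replay:", verify(SAMPLE_SECRET, code, 59, last_used_step=step_used, window=0))
```

Because the same secret sits in the QR code and on the user's profile, anyone who captures the enrollment QR code can generate valid codes, so the first-login screen should be treated as sensitive as a password.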

Enabling Time-based One-Time Passwords in GoAnywhere MFT

Time-based One-Time Passwords must first be enabled as a login method. Login methods are managed on the Login Settings page of the GoAnywhere MFT admin client.

  1. Log in as an Admin User with the Security Officer role.
  2. From the main menu bar, select Users, and then click the Login Settings link.
  3. Click on the Two-Factor Authentication tab.
  4. Under Time-based One-Time Password, select Enabled.
  5. Specify an Admin and Web Client Display Name. This name appears in the Google Authenticator app to identify the page the user is attempting to log in to.

Login Settings

Enabling Two-Factor Authentication for Web Users

Each individual Web User must be configured to use TOTP authentication. Follow the instructions below to enable a Web User.

  1. Log in as an Admin User with the Web User Manager role.
  2. From the main menu bar, select Users, and then click the Web Users link.
  3. Click the Edit icon next to the desired Web User.
  4. Click on the Authentication tab.
  5. Expand Authentication Types.
  6. In the Two-Factor Authentication dropdown, select Time-based One-Time Password.
  7. Click the Save button when finished.

You can enable this on a Web User Template, which ensures all new Web Users that are created using the template will have this enabled by default.

Web User Authentication Settings

Enabling Two-Factor Authentication for Admin Users

As with Web Users, Admin Users must be individually configured to use TOTP authentication. Follow the instructions below to configure an Admin User.

  1. Log in as an Admin User with the Security Officer role.
  2. From the main menu bar, select Users, and then click the Admin Users link.
  3. Click the Edit icon next to the desired Admin User.
  4. In the Two-factor Authentication dropdown, select Time-based One-Time Password.
  5. Click the Save button when finished.

You can enable this on an Admin User Template, which ensures all new Admin Users that are created using the template will have this enabled by default.

Admin User Authentication Settings

Logging in With Time-based One-Time Password Authentication

Utilizing an authenticator app to log into GoAnywhere is simple.

If this is the first time logging in to the Admin or Web Client with TOTP enabled, you will need to register the app by scanning the QR code presented on the login screen.

Google Authenticator App

Each subsequent login will require a freshly generated verification code from your authenticator app.
