Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup and NetBackup Appliances Hardening Guide
  3. Steps to protect Flex Appliance
  4. Managing multifactor authentication
  5. Enforcing multifactor authentication
NetBackup and NetBackup Appliances Hardening Guide

Enforcing multifactor authentication

You can enforce multifactor authentication for users in the Flex Appliance Console, so that they must configure it by the date that you select.

Note:

Remote AD and LDAP user groups are not supported when multifactor authentication is enforced. Once you enforce it, users in these groups can no longer sign in.

You cannot enforce multifactor authentication for the hostadmin user in the Flex Appliance Shell.

Before you can enforce multifactor authentication, the following prerequisites must be met:

  • The appliance date and time must be set with NTP.

  • You and at least one other user must have the security administrator role. At least one of the users with the security administrator role must be a local user.

  • You must have multifactor authentication configured on your account.

To enforce multifactor authentication

  1. Sign in to the Flex Appliance Console as a security administrator. Click the Settings icon in the top-right corner of the page and then click Multifactor authentication enforcement.
  2. On the Multifactor authentication enforcement page, click Enforce.
  3. Select a start date within the next 90 days.

    Caution:

    Once you enforce multifactor authentication, you cannot cancel the enforcement or extend the start date past 90 days.

  4. Click Enforce.

If you need to change the start date, return to the Multifactor authentication enforcement page and click Edit enforcement.

Feedback

Was this page helpful?
Previous

Configuring or reconfiguring multifactor authentication

Next

Managing multifactor authentication on a primary or a media server instance

Feedback

Was this page helpful?