Considerations when configuring multifactor authentication
Keep the following considerations in mind before you configure multifactor authentication:
The Appliance administrator can see the status of all the users on the page.
If AD/LDAP server configuration is removed from the cluster without removing the AD/LDAP user's multifactor authentication configuration, the Appliance administrator may see stale entries for AD/LDAP users.
Multifactor authentication configuration for AD/LDAP users with no role is only possible after multifactor authentication enforcement.
A local administrator is a non-AD/LDAP user.
Do not configure multifactor authentication if add node or delete node operations are in progress.
Perform the following steps to log in to the Swagger REST APIs if multifactor authentication is configured for a particular user:
Provide the username (for which multifactor authentication is configured) and password, and generate a token. A token of the type mfa token is generated.
Copy the token and paste it in the username field. Provide the OTP received in the authentication app in the password field, and enter mfa in the token type field.
A bearer token is generated for that user. This token should be provided in the tab, in the format: Bearer <bearer token>.
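
The login sequence above, sketched as an added Python example that is not part of the original documentation or the product's code. The FakeTokenService class, its generate_token method, the response field names and the single-use handling of the mfa token are assumptions made for illustration; the page does not give the appliance's real endpoint or schema.

```python
# Added illustration: field names, token-type strings and the fake service are
# assumptions; the page does not give the appliance's real endpoint or schema.
import secrets


class FakeTokenService:
    """Constructed in-memory stand-in for the appliance's token endpoint."""

    def __init__(self, username, password, otp):
        self._creds = (username, password)
        self._otp = otp
        self._pending = {}  # mfa token -> username awaiting an OTP

    def generate_token(self, username, password, token_type=""):
        if token_type == "mfa":
            # Step 2: the username field carries the mfa token, the password field the OTP.
            user = self._pending.pop(username, None)  # pop: mfa token is single-use here
            if user is None or not secrets.compare_digest(password, self._otp):
                raise PermissionError("invalid mfa token or OTP")
            return {"type": "bearer", "token": secrets.token_urlsafe(24)}
        # Step 1: username and password yield only an mfa token.
        if (username, password) != self._creds:
            raise PermissionError("invalid credentials")
        mfa_token = secrets.token_urlsafe(24)
        self._pending[mfa_token] = username
        return {"type": "mfa", "token": mfa_token}


def login_with_mfa(service, username, password, otp):
    """Run the two-step exchange and return the Authorization header value."""
    first = service.generate_token(username, password)
    if first["type"] != "mfa":
        raise RuntimeError("expected an mfa token; is MFA configured for this user?")
    second = service.generate_token(first["token"], otp, token_type="mfa")
    return f"Bearer {second['token']}"


if __name__ == "__main__":
    # Constructed sample credentials and OTP.
    svc = FakeTokenService("admin1", "constructed-password", "123456")
    print(login_with_mfa(svc, "admin1", "constructed-password", "123456"))
```

The password alone never yields a bearer token in this sketch: the first call returns only the intermediate mfa token, which must be exchanged together with the OTP.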