Considerations before configuring multifactor authentication
Some considerations that you need to remember before you configure multifactor authentication:
The Appliance administrator can see the status of all the users on the page.
If AD/LDAP server configuration is removed from the cluster without removing the AD/LDAP user's MFA configuration, the Appliance administrator may see stale entries for AD/LDAP users.
If you are an AD/LDAP user with no role, you cannot login to the appliance.
A local administrator is a non AD/LDAP user.
If NetBackup Flex Scale has been deployed with both primary and media servers, and if the user does not have the Appliance administrator role and has only NetBackup administrator role, the user is directed to the home screen.
Local administrator users' roles must be assigned from the NetBackup Flex Scale GUI.
When catalog replication for disaster recovery is configured between two NetBackup FlexScale clusters, users are managed independently on each cluster and the corresponding multifactor authentication configuration should be done separately on each cluster. Veritas recommends that you use the following guidelines when making user configuration changes in a NetBackup Flex Scale cluster on which disaster recovery is configured:
When adding local users, both the clusters should use the same credentials.
AD/LDAP configuration must be performed only on the primary cluster on which disaster recovery is configured.
When configuring multifactor authentication for a user, the same multifactor authentication secret key must be used for both clusters.
When enforcing multifactor authentication, it should be enforced with the same start date on both the clusters.