Configuring or disabling multifactor authentication on a WORM storage server

Use the following procedures to configure or disable multifactor authentication on a NetBackup WORM storage server.

Note:

If multifactor authentication is enforced, users cannot disable it after the grace period.

To configure multifactor authentication on a WORM storage server

(Optional) If you have already configured multifactor authentication for another server and want to use the same authenticator account to log in to this server, run the following command on the other server:
setting MFA show
Take note of the key.
On the server that you need to configure multifactor authentication for, run one of the following commands:
- To enroll with a random key, run the following command:
  setting MFA enroll
- To use an existing key, run the following command:
  setting MFA enroll secret=<existing key>
If you generated a new key, scan the QR code with an authentication app on your mobile phone. For example, Google Authenticator or Microsoft Authenticator.
Note that the token validation is based on the server time. Ensure that the clock of the Flex Appliance and the mobile phone are correct.
Note:
If the msdpadm user becomes locked, they cannot reset multifactor authentication for themself. To avoid this situation, Cohesity recommends that two or multiple users scan the same QR code of the msdpadm user with their mobile phones. If one user loses access to the token, another user can help them to enroll again.

To disable multifactor authentication on a WORM storage server

Log in to the server as the user that you want to disable multifactor authentication for.
Run the following command:
setting MFA reset