Multi-factor authentication (MFA) enables a higher level of security when accessing JFrog applications. When enabled, in addition to their user credentials, users will have to authenticate with a one-time password (OTP) generated by an additional authentication factor - the Google Authenticator application. This ensures that in the case where a users' credentials have been compromised, the multi-factor authentication method will prevent malicious users from gaining access to JFrog applications.
Enabling Multi-factor Authentication
To enable multi-factor authentication for users in the JFrog Platform, navigate to Administration module | User Management | Settings | Multi-factor Authentication | and check the Enable Google Authenticator checkbox.
Follow the steps of Logging in using Multi-factor Authentication after it is enabled.
Multi-factor authentication is applied to all users of the JFrog Platform application.
In the case a user's ability to log in using multi-factor authentication is compromised, an Administrator should reset the user's enrollment status by performing the following steps:
Navigate to Administration module | User Management | Users
Select the specific user and in the Edit screen, select Reset MFA Enrollment.
The user will have to follow the enrollment steps again to authenticate.
If an Administrator loses the capability of signing in using the multi-factor authentication method, the Administrator should bootstrap a new Administrator or an existing Administrator with new credentials to reset the multi-factor authentication for the bootstrapped Administrator. For more information see, Recreating the Default Admin User.