Multi-factor authentication (MFA) enables a higher level of security when accessing JFrog applications. When enabled, in addition to their user credentials, users will have to authenticate with a one-time password (OTP) generated by an additional authentication factor - the Google Authenticator application. This ensures that in the case where a users' credentials have been compromised, the multi-factor authentication method will prevent malicious users from gaining access to JFrog applications.
Enable Multi-factor Authentication
Perform the following steps to enable multi-factor authentication for users in the JFrog Platform.
Navigate to Administration Module | User Management | Settings, if you use the classic navigation.
Select Platform Security|General.
Scroll to Multi-factor Authentication.
Select Enable Google Authenticator.
Follow the steps of Logging in using Multi-factor Authentication after it is enabled.
Note
Multi-factor authentication is applied to all users of the JFrog Platform application.
Reset Enrollment
In the case a user's ability to log in using multi-factor authentication is compromised, an Administrator should reset the user's enrollment status by performing the following steps.
Navigate to Administration Module | User Management | Users, if you use the classic navigation.
Select User Management| Users.
Select the specific user and in the Edit screen, select Reset MFA Enrollment.
The user will have to follow the enrollment steps again to authenticate.
If an Administrator loses the capability of signing in using the multi-factor authentication method, the Administrator should bootstrap a new Administrator or an existing Administrator with new credentials to reset the multi-factor authentication for the bootstrapped Administrator. For more information see, Recreating the Default Admin User.