- Home
- Documentation
- Nexus Two Factor Authentication
Nexus Two Factor Authentication
-
Documentation
- Release Notes
- Get Started
- Nexus Server
- Nexus Application
- Nexus Stacks
- Nexus Two Factor Authentication
- Nexus GUI and Modules
- Access Gates
- Access Keys
- Block Storage
- Codespaces
- Cron Scheduler
- Data Bright
- Data Gate
- Data Insight
- Data Spark-house
- Data Spark-nodes
- Data Spark-solaris
- Data Stream
- Desktops
- Event Hub
- Firewall
- Flow-fx
- Groups
- Identities
- Instances-cn
- Instances-vm
- Instances-xvm
- Load Balancer
- Magna-app
- Magna-buckets
- Magna-db
- Magna-nodes
- Magna-s3
- Magna-se
- Magna-sqld
- Magna-sqlr
- Name Server
- Notification Gate
- Object Storage
- Private Network
- Repositories
- Roles
- SIEM Collector
- Secret Keys
- Security Scanner
- Serverless-api
- Serverless-flow
- Serverless-fx
- Serverless-json
- Serverless-mq
- Serverless-spark
- Sky Link
- Sky Nodes
- Solution Stacks
- VPN Manager
- Vista Sessions
- Nebula System
- Vista Connect
Description
Nexus Two-Factor Authentication (2FA) enhances security by incorporating dynamic PIN verification into the Nexus and Vista authentication processes. To activate 2FA, an authenticator app on a smartphone is required. This can be any app that supports the TOTP (Time-Based One-Time Password) standard, such as Google Authenticator or Microsoft Authenticator.
Important
Two-Factor Authentication (2FA) can be used alongside AD Domain authentication on your Nexus Server.
Two-Factor Authentication (2FA) can be used alongside AD Domain authentication on your Nexus Server.
2FA Activation
To activate Two-Factor Authentication (2FA) for an identity (User Login), follow these steps:
Nexus Administrator
The following activation procedure must be performed by the administrator.
-
Click on "Account" located in the top right corner of the Nexus GUI interface, then
select "Identities".
-
Locate the identity for which you want to activate Two-Factor Authentication (2FA), and
either double-click on the corresponding List Card or select "Edit Identity" from the
List Card Actions menu.
-
Change the "Method" field to "Two Factor Authentication" and click the "Update" button.
Nexus Identity (User)
The following activation procedure must be completed by the user.
-
If you are currently signed in to Nexus or Vista, please log out.
-
Ensure you have your smartphone ready with an Authenticator App installed.
-
Open your browser and go to https://YOUR_NEXUS_FQDN/c/session, then sign in with your
credentials.
-
Once you see a QR code, open your authenticator app and scan the code, or manually enter
the displayed key at the bottom of the QR code to register your authentication secret.
For more details, please refer to the manual of your authenticator app.
-
After successfully adding your secret to your authenticator app, click the "Continue"
button on the screen.
-
Enter the PIN code from your authenticator app and sign in.
2FA Nexus Sign In Workflow
After 2FA activation, the sign-in workflow for Nexus will proceed as follows:
-
Sign In Attempt: Enter your email address or user name and password on the
Nexus login page.
-
2FA Prompt: After the initial credentials are accepted, you will be prompted to
enter a dynamic PIN.
-
Open Authenticator App: Open your authenticator app on your smartphone.
-
Retrieve PIN: Obtain the current PIN code generated by the app.
-
Enter PIN: Input the PIN code from the authenticator app into the Nexus 2FA
prompt.
-
Access Granted: Upon successful PIN verification, you will gain access to your
Nexus account.
2FA Vista Sign In Workflow
After 2FA activation, the sign-in workflow for Vista will proceed as follows:
-
Open Authenticator App: Open your authenticator app on your smartphone.
-
Retrieve PIN: Obtain the current PIN code generated by the app.
-
Sign In Attempt: Enter your email address or user name and the PIN code from the
authenticator app on
the Vista login screen.
-
Access Granted: Upon successful PIN verification, you will gain access to your
Vista Sessions.
-
Vista Session Authentication: Vista Sessions include an additional layer of
authentication specific to each session type.