Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
linenumbersfalse
vss-cli account --no-load set mfa --help

Usage: vss-cli account set mfa [OPTIONS] COMMAND [ARGS]...

  Set account MFA settings.

Options:
  --help  Show this message and exit.

Commands:
  get-token  Request TOTP token.
  mk         Enable MFA with Time-based One-Time Password.
  rm         Disable existing MFA setup.
  verify     Verify existing MFA setup.

Anchor
Enable
Enable
Anchor
MultiFactorAuthenticationwithTime-basedOne-TimePassword(TOTP)-Enable
MultiFactorAuthenticationwithTime-basedOne-TimePassword(TOTP)-Enable
Enable

MFA is enabled by adding the mk sub-command and providing the method to generate or get the TOTP codes. Currently, the ITS Private Cloud supports EMAIL, AUTHENTICATOR or SMS.

...

Code Block
languagebash
linenumbersfalse
vss-cli account --no-load set mfa mk AUTHENTICATOR

Endpoint [https://cloud-api.eis.utoronto.ca]:
Username: jm
Password:
Repeat for confirmation:
Do you have a phone to scan a QR Code to generate TOTP codes? [y/N]: y

Please, scan the QR code with any authenticator App
(DUO, Google Authenticator, Authy, etc) or password manager.

[ QR Code ]

Do you like to display the security key? [y/N]: y
Use the following key if you are unable to scan the QR Code:

[ TOTP KEY ]

Recovery codes are used to access your account in
the event you cannot get two-factor authentication codes.

[ recover_code 1 ]
[ recover_code 2 ]
[ recover_code 3 ]
[ recover_code 4 ]
[ recover_code 5 ]
[ recover_code 6 ]
[ recover_code 7 ]
[ recover_code 8 ]

Would you like to save the codes into a text file? [y/N]: y
Written <username>_<issuer>_recovery_codes.txt with recovery codes.

Enter the 6-digit Code to verify enrolment was successful: XXXXXX

Anchor
Disable
Disable
Anchor
MultiFactorAuthenticationwithTime-basedOne-TimePassword(TOTP)-Disable
MultiFactorAuthenticationwithTime-basedOne-TimePassword(TOTP)-Disable
Disable

Disabling MFA can be done by using the rm command. When executed, an email will be sent to the account’s email address where a link valid for 15min which would have to be accessed for confirmation along with your credentials.

...