ONTAP 9 Manuals ( CA08871-402 )

Configure local user account for MFA with TOTP

Beginning in ONTAP 9.13.1, user accounts can be configured with multifactor authentication (MFA) using a time-based one-time password (TOTP).

Before you begin
  • The storage administrator must enable MFA with TOTP as a second authentication method for your user account.

  • Your primary user account authentication method should be a user password or public SSH key.

  • You must configure your TOTP app to work with your smartphone and create your TOTP secret key.

    TOTP is supported by various authenticator apps such as Google Authenticator.

Steps
  1. Log in to your user account with your current authentication method.

    Your current authentication method should be a user password or an SSH public key.

  2. Create the TOTP configuration on your account:

    security login totp create -vserver "<svm_name>" -username "<account_username >"
  3. Verify that the TOTP configuration is enabled on your account:

    security login totp show -vserver "<svm_name>" -username "<account_username>"
Top of Page