As of 1.9.0 the Ziti Desktop Edge for Windows supports Time-based One-time Passwords (TOTP) as a secondary form of authentication. Enabling MFA is straightforward and can be done by following the steps outlined below.
After enrolling an identity, click on it to open the detail page. On the detail page click the toggle to enable MFA:
After the toggle is switched on, a QR Code will be generated and displayed. It will look like the following:
- Shows the QR Code. Use your mobile to scan the code into an authenticator application of your choice.
- If an OTP-style application is installed and is mapped on the system to open links starting with otpauth://
- Show Secret will show you the secret that can be used to manually add the token to an authenticator app. Treat this secret like a password: anyone who obtains it can generate valid codes for the identity.
- Once the token is imported into the authenticator app, enter the current 6-digit code into the "Authentication Code" field and click the button to enroll the identity for MFA. The code is only accepted if the app's clock is in sync, so a rejected code usually means the device time is off rather than the secret being wrong.
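To show what the authenticator app does with the secret behind the QR Code, here is an added example (not code from the Ziti Desktop Edge project) that parses an otpauth:// URI, decodes the base32 secret, and computes the 6-digit code per RFC 6238. The URI below is constructed for illustration; its secret is the RFC 6238 test key, so the expected codes are the published test vectors. The `verify_totp` helper accepts one step of clock drift on either side, which is the usual way a server tolerates a slightly skewed phone clock.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample URI. Label and issuer are hypothetical; the secret is the
# base32 encoding of the RFC 6238 test key "12345678901234567890".
SAMPLE_URI = (
    "otpauth://totp/OpenZiti:my-identity"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=OpenZiti"
    "&digits=6&period=30&algorithm=SHA1"
)

_HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def parse_otpauth(uri):
    """Split an otpauth://totp/ URI into its parameters, applying the RFC defaults."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    label = unquote(u.path.lstrip("/"))
    q = parse_qs(u.query)
    issuer_from_label = label.split(":", 1)[0] if ":" in label else ""
    return {
        "label": label,
        "secret": q["secret"][0],
        "issuer": q.get("issuer", [issuer_from_label])[0],
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
        "algorithm": q.get("algorithm", ["SHA1"])[0].upper(),
    }


def decode_secret(secret):
    """Base32-decode the shared secret; apps often show it without padding or with spaces."""
    s = secret.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key, counter, digits=6, algorithm="SHA1"):
    """RFC 4226: HMAC over the big-endian counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), _HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key, at=None, period=30, digits=6, algorithm="SHA1"):
    """RFC 6238: HOTP with the counter set to the number of periods since the Unix epoch."""
    if at is None:
        at = time.time()
    return hotp(key, int(at) // period, digits, algorithm)


def verify_totp(key, code, at=None, period=30, digits=6, algorithm="SHA1", window=1):
    """Accept the code for the current step or up to `window` steps either side (clock drift).

    Uses a constant-time comparison so the check does not leak which digits matched."""
    if at is None:
        at = time.time()
    counter = int(at) // period
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, counter + delta, digits, algorithm), code):
            return True
    return False


if __name__ == "__main__":
    params = parse_otpauth(SAMPLE_URI)
    key = decode_secret(params["secret"])
    print(params["issuer"], params["label"])
    print("code at t=59:", totp(key, at=59, period=params["period"], digits=params["digits"]))
    print("current code:", totp(key, period=params["period"], digits=params["digits"]))
```

Running the script prints the code for the RFC 6238 reference time t=59 alongside the code for right now; the second value is what you would type into the "Authentication Code" field if this were a real enrollment secret.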
After enrolling the identity it will be automatically authorized for the current session and recovery codes will be shown. Save these recovery codes somewhere safe, as they are the only way to authenticate if the token is ever lost; anyone who has them can use them in place of the token, so store them with the same care as the secret itself.
Once the codes are saved, close the screen. The detail screen will change and show two new icons:
- The first icon shows the recovery codes for the identity if they are needed
- The lock icon shows the MFA status and indicates whether the identity has successfully been authorized
Once enrolled, should the session become invalid the lock icon will turn yellow and will also be shown on the main page. Click the lock icon on either screen, or click the "Authenticate" button on the detail page, to initiate authentication.
A dialog will be shown. Enter the current code from the authenticator app (or a recovery code) and complete authentication.