Edwin de Bruin
The VMware Authenticator App is GA!
Updated: 21 Jun 2022
As I mentioned in my previous blog, VMware Verify goes EoS and EoA on October 31st, 2022.
VMware developed (sort of) 2 alternatives:
Intelligent HUB verify and the Authenticator App.
Yeah, great news: the Authenticator App has been GA (Globally Available) since 10-06-2022.
What is the Authenticator App?
Authenticator App (any app supporting TOTP RFC 6238 standard)*: By adding support for authenticator apps that use time-based one-time passcodes (TOTP), such as Microsoft Authenticator, Google Authenticator, Okta Verify and Authy, customers can enable their users to configure their device for second-factor authentication, free of charge.
How to enable this Authenticator App?
First, switch to the new navigation layout by selecting New Navigation (otherwise you will run into a little caveat that I will explain later).
1. Go to “Integration”
2. Click “Authentication Methods”
3. Select “Authenticator App”
4. Click “Configure”
Enable the Authenticator App.
Of course you can change the values for the number of retries, lock-out time, etc. to suit your needs. Custom text for registration and recovery is also possible. I don’t use this because the default text follows the browser language.
So when I enter a custom message in English and the user's browser is set to Dutch, you get a “mixed language” experience. In my opinion the default text is clear enough.
Click Save when done.
Now we have to enable this on our IDP.
1. Click on “Identity Providers”
2. Click on the IDP
Enable the “Authenticator App” and click Save
Next, enable this auth method in your policy. This example was made in a Testdrive environment, so I will enable it only in the default access policy.
1. Click on Resources
2. Click on Policies
3. Click on the default access policy
In Configuration, edit the range and device type you want to apply the Authenticator App to.
Add the Authenticator App and click SAVE
and in the summary save again.
And you’re done!
Let's Register and Login!
Now when the user logs in, the user can register (scan) the token in the authenticator app of choice! (Needless to say, it has to support the TOTP RFC 6238 standard.)
Initial Registration/MFA screen the user sees:
and you're in!
Next time the user will see this screen when logging in:
Sometimes it might be necessary to reset the token of a user (lost phone, dropped it in the toilet, or simply because you want to).
This process is very easy:
1. Enter the username in the search bar on top:
2. Click on the Username
3. Click on “Two-Factor Authentication”
4. Click RESET
IMPORTANT NOTE: To be able to do this the view needs to be in the New Navigation Layout.
Otherwise there is no option to reset the token…
Well.... enjoy and see you next time!