How to set up a multi-factor authentication device for two-factor authentication in the Ivanti Neurons platform.
The Ivanti Neurons platform requires two-factor authentication (2FA) to access vulnerability data. Two-factor authentication requires that users provide two different items to authenticate their login: first, something that the user knows (their password) and second, something the user has (a security token from either their email or a multi-factor authentication [MFA] device).
To set up an MFA device, click your initials in the top-right corner of the screen and click User Settings.
In the Security section, click the drop-down menu under Two Factor Authentication and select MFA Device.
Several blue buttons appear; before clicking anything else, download and install an authenticator application for your phone. Download Google Authenticator or another MFA application from your phone’s app store (e.g., DUO Security, LastPass Authenticator, etc.). For this guide, we will use Google Authenticator.
Back in Ivanti Neurons, click the Save button. A QR code pops up on the screen. Above the QR code is a written-out code. If the QR code scan is not an option, use the written-out code for manual entry.
Open the MFA application on your device (in this instance, Google Authenticator). Click the Plus (+) button in the upper-right hand corner of the application, allowing you to add a new login code.
The easiest way to do this is to click Scan Barcode and use your phone’s camera to scan the QR code displayed in Ivanti Neurons. Either scan the code or manually enter the code into the authenticator application. A new Ivanti Neurons security token will be added to your authenticator application.
Next time you log into Ivanti Neurons and it prompts for a code, open the authenticator application and type in the code displayed on the screen under Ivanti Neurons.
Once your MFA device is set up, we strongly recommend generating recovery codes. These codes allow the user to access the platform in case of device or application loss/failure. To create recovery codes, click the Generate New Codes button.
When the recovery codes dialog box appears, copy the codes to a safe location. Once a code is used, it is no longer valid and cannot be reused.
The following list describes the available buttons in the Two-Factor Authentication settings.
- Save: Save the selection if changing from email to an MFA device or vice versa.
- Show Code: Generates a code for your authenticator or shows the currently used code.
- Update Code: This generates a new two-factor authentication code.
- Generate New Codes: This button generates ten, one-time use codes. If your MFA device is lost or destroyed, these ten codes give you a way to access the platform without the device and set up a new one.