Posted by Matthew Jeffels, Last modified by Matthew Jeffels on 19 September 2016 02:22 PM
This section allows you to configure the Two-Factor Authentication for your server. Two-Factor Authentication can help to increase the security of your server by causing users to have to enter two forms of authentication. In this case it would be the users password and a generated security code.
Two-Factor Authentication requires a smartphone or like device with a supported time-based one-time password (TOTP) app. The following apps offer this service:
To enable the Two-Factor Authentication service on your server first you need to enable it. Users will then need to configure there own Two-Factor Authentication or you can for them. Please make sure that users are aware that they will need to do this beforehand however as if a user is unable to use Two-Factor Authentication for what ever reason they would be locked out of there account.
The Settings tab allows you to set the Two-Factor Authentication Issuer parameter.
To do this first Click the Settings tab.
Enter what you wish the Issuer setting to be, or keep the default value. If you do not enter a name for the Issuer, it will default to the hostname.
Then Click Save to make these changes.
The Manage Users section displays the accounts for which you have configured Two-Factor Authentication. In addition it allows you to disable Two-Factor Authentication on those accounts.
Removeing Two-Factor Authentication from a user account
To remove a Two-Factor Authentication for a user account go to the Manage Users list, and click Disable to the right of that users account.
To remove multiple user accounts from the Manage Users list, first Select the Manage Users tab.
You can then select the checkboxes to the left of each users account that you wish to remove, or to remove them all, select the checkbox to the left of the "User" heading.
Finally you will need to click the gear icon on the top right of the list, and then select "Disable Selected".
Note: Select "Disable All" to remove every user account from the "Manage Users" list. This will however not disable Two-Factor Authentication on your own account.
Enable Two-Factor Authentication on a user account
You cannot enable Two-Factor Authentication for a user account through the WHM interface. Instead this has to be done through the users cPanel account. Which can either be done by yourself as root or themselves.
To enable Two-Factor Authentication for a user account as root, log in as the user to access cPanel's Two-Factor Authentication interface.
Manage My Account
The Manage My Account section allows you to set up Two-Factor Authentication for the root account or a reseller account.
Configure Two-Factor Authentication
You will then need create a link between your cPanel account and your Two-Factor Authentication app:
You will then need to use your application to retrieve the six-digit security code.
Be aware that The Two-Factor Authentication app generates a new six-digit security code for your cPanel account every 30 seconds and the code must be entered and confirmed within this time period.
Then Enter the six-digit security code into the "Security Code" text box.
Finally Click "Configure Two-Factor Authentication".
Remove Two-Factor Authentication
To remove Two-Factor Authentication, simply click "Remove Two-Factor Authentication".
Reconfigure Two-Factor Authentication
In order to reconfigure the Two-Factor Authentication, simply click Reconfigure. Then, follow the steps in order to configure Two-Factor Authentication.