With OpenStack, you can add extra protection for users with 2FA (two-factor authentication). With 2FA, you enter an additional code alongside your password to log in, which increases the security of your OpenStack account.
In this guide, you will learn where to activate, reset, or deactivate 2FA for your OpenStack user.
- You will need an authenticator app to generate the extra code, such as the Google Authenticator app.
- If you are still signed in to Horizon when you enable 2FA, you won’t be able to perform any actions afterwards; you will first need to sign in again to continue working in Horizon.
- When disabling 2FA, it can take a few minutes before it is actually disabled. If you sign in again immediately, you will receive an error message. This is due to caching of the 2FA settings.
Activate 2FA for an user
Step 1
Log in to the control panel and select ‘OpenStack’ in the left-hand menu. You will land on the ‘Projects’ tab.
Step 2
At the top, click the ‘Users’ tab and then click the ellipsis button (…) next to the relevant user. In the menu that appears, choose ‘Act 2FA’.
Step 3
Open your authenticator app (e.g. Google Authenticator, Microsoft Authenticator or Authy), scan the QR code, enter the 6-digit code and click ‘Confirm’.
Reset or disable 2FA
Step 1
Log in to the control panel and select ‘OpenStack’ in the left-hand menu. You will land on the ‘Projects’ tab.
Step 2
At the top, click the ‘Users’ tab. Click the ellipsis button (…) next to the relevant user and then choose ‘Reset 2FA’ or ‘Disable 2FA’ in the menu that appears.
- Reset 2FA: removes the existing 2FA link so you can immediately re-activate it with a new QR code (useful in case of device loss or app migration).
- Disable 2FA: turns off 2FA; you can then sign in without extra verification.
That’s it! You now know how to enable, reset, or disable 2FA for your OpenStack user.