Two-Factor Authentication

Aruba Central now supports two-factor authentication for both computers and mobile phones to offer a second layer of security to your login, in addition to password. When two-factor authentication is enabled on a user account, the users can sign in to their Aruba Central account either through the mobile app or the web application, only after providing their password and the six-digit verification code displayed on their trusted devices.

When two-factor authentication is enabled at the customer account level, all the users belonging to the customer account are required to complete the authentication procedure when logging in to Aruba Central. If a user account is associated with multiple customer accounts and if two-factor authentication is enabled on one of these accounts, the user must complete the two-factor authentication during the login procedure.

If two-factor authentication is enabled on your accounts, you must install the Google Authenticator app on your devices such as mobile phones to access the Aruba Central application. When the users attempt to log in to Aruba Central with their credentials, the Google Authenticator app provides a six-digit verification code to complete the login procedure.

Installing the Google Authenticator App

For two-factor authentication, ensure that the Google Authenticator app is installed on your mobile device.

During the registration process, the Aruba Central application shares a secret key with the mobile device of the user over a secure channel when the user logs in to Aruba Central. The key is stored in the Google Authenticator app and used for future logins to the application. This prevents unauthorized access to a user account as this authentication procedure involves two-levels for secure transaction.

When you register your mobile device successfully, the Google Authenticator app generates a six-digit token for the second level authentication. The token is generated every thirty seconds.

Enabling Two-factor Authentication for User Accounts

To enable two-factor authentication, complete the following steps:

  1. In the Account Home page, under Global Settings, click Users & Roles.

    The Users and Roles page is displayed.

  2. From the Actions menu, slide the Two-Factor Authentication (2FA) toggle button to the right. The two-factor authentication is enabled for all the users associated with the account.

Two-factor Authentication for Aruba Central Web Application

When two-factor authentication is enabled for a customer account, the users associated with that customer account are prompted for two-factor authentication when they log in to Aruba Central.

To complete two-factor authentication, perform the following actions:

  1. Access the Aruba Central website.
  2. Log in with your credentials. If two-factor authentication is enforced on your account, the two-factor authentication page opens.
  3. Install the Google Authenticator app on your mobile device if not already installed.
  4. Click Next.
  5. If this is your first login since two-factor authentication is enforced on your account, open Google Authenticator on your mobile device.
  6. Scan the QR Code. If you are unable to scan the QR code, perform the following actions:
    1. Click the Problem in Reading QR Code link. The secret key is displayed.
    2. Enter the secret key in the Google Authenticator app.
    3. Ensure that the Time-Based parameter is set. Aruba Central is added to the list of supported clients and a six-digit token is generated.
  7. Click Next.
  8. Enter the six-digit token.
  9. Select the Remember 2FA for 30 Days check box if you want the authentication to expire only after 30 days.
  10. Click Finish.

Two-factor Authentication for the Aruba Central Mobile App

Two-factor authentication must first be enabled for your account. If two-factor authentication is not enabled, you log in to the application directly after a successful SSO Single Sign-On. SSO is an access-control property that allows the users to log in once to access multiple related, but independent applications or systems to which they have privileges. The process authenticates the user across all allowed resources during their session, eliminating additional login prompts. authentication.

To log in to Aruba Central app on your mobile device, perform the following actions:

  1. Open the Aruba Central app on your mobile device.
  2. Enter your username and password and click Log in. If the registration process is pending, an error message is displayed:

    Please register for two-factor authentication in our web app to ensure secured authentication.

  3. Enter the token. On successful authentication, the Aruba Central app opens.

Registering a New Mobile Device

If you have changed your mobile device, you need to install Google Authenticator app on your new device and register again using a web browser on your Desktop for two-factor authentication.

To register your new mobile device, complete the following steps:

  1. Log in to Aruba Central web application. The two-factor authentication page is displayed.
  2. Click the Changed Your Mobile Device? link.
  3. To register your new device and receive a reset email with instructions, click Send 2FA Reset Email. A reset email with instructions will be sent to your registered email address:

    Figure 1  Reset Tow-Factor Authentication Email

  4. Follow the instructions in the email and complete the registration.