Enable two-factor auth for your Apigee account

Two-factor authentication is an easy-to-use best practice that adds an additional layer of protection for your Apigee account. To log in to your account when two-factor auth is enabled, you must supply your username and password and a 6-digit number. The number is randomly generated, changes every 30 seconds, and can be used only one time to log in.

This topic explains how to set up and use two-factor auth.

To learn more about two-factor auth, check out the article Two-factor Authentication Using One-time Passwords on the Apigee Community.

Setting up two-factor auth

You can enable two-factor auth for an entire organization or per individual.

Enable two-factor auth for an entire organization

To enable two-factor auth for all users in an organization:

  • Enable SAML as described at Enable SAML.
  • After SAML is enabled, you can manage all authentication policies, such as password length, password strength, and two-factor auth, through your SAML identity provider.

Enable two-factor auth individually

To enable two-factor auth, you must install Google Authenticator on your iPhone or Android phone.

Enable two-factor auth in your Apigee account settings, as described below.

Edge

To enable two-factor auth in your Apigee account settings using the Edge UI:

  1. Sign in to https://apigee.com/edge.
  2. Click your username to open the account menu and click Edit Account.
  3. Follow the instructions in the setup screen. You'll need access to the Google Authenticator app to complete the steps.
  4. When you see the message Device added successfully, you're done!

Classic Edge (Private Cloud)

To enable two-factor auth in your Apigee account settings using the Classic Edge UI:

  1. Sign in to http://ms-ip:9000 as an organization administrator, where ms-ip is the IP address or DNS name of the Management Server node.
  2. Select username > User Settings.
  3. Click Edit Account.
  4. Follow the instructions in the setup screen. You'll need access to the Google Authenticator app to complete the steps.
  5. When you see the message Device added successfully, you're done!

Signing in with two-factor auth

Now that your phone is successfully linked through the Google Authenticator app, you can sign in the way you normally do, but you'll need to enter the 6-digit number generated by the app on your phone.

  1. Go to the Apigee sign-in page.
  2. Enter your username and password.
  3. Open the Google Authenticator app on your phone.
  4. Enter the 6-digit number from the app on the sign-in page.