Two-factor authentication is an easy-to-use best practice that adds an additional layer of protection for your Apigee account. To log in to your account when two-factor auth is enabled, you must supply your username and password and a 6-digit number. The number is randomly generated, changes every 30 seconds and can only be used only one time to log in.
This topic explains how to set up and use two-factor auth.
To learn more about two-factor auth, check out the article Two-factor Authentication Using One-time Passwords on the Apigee Community.
Setting up two-factor auth
You can enable two-factor auth for an entire organization or per individual.
Enable two-factor auth for an entire organizataion
To enable two-factor auth for all users in an organization:
- Enable SAML as described at Enable SAML.
- After SAML is enabled, you can manage all authentication policies, such as password length, password strength, and two-factor auth, through your SAML identity provider.
Enable two-factor auth individually
You need to enable two-factor auth in your Apigee account settings.
- Log in to your Apigee account in the management UI at https://apigee.com/edge.
Install Google Authenticator on your iPhone or Android phone.
This app generates the 6-digit code you need for two-factor authentication. In the following steps, you will link this app to your Apigee login account.
- Click your username to open the account menu and click Edit Account.
- Click Setup Two-factor authentication.
- Follow the instructions in the setup screen. You'll need access to the Google Authenticator app to complete the steps.
- When you see the message Device added successfully, you're done!
Logging in with two-factor auth
Now that your phone is successfully linked through the Google Authenticator app, you can log in the way you normally do, but you'll need to enter the 6-digit number generated by the app on your phone.
- Go to the Apigee login page.
- Enter your username and password.
- Open the Google Authenticator app on your phone.
- Enter the 6-digit number from the app in the login page: