| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2020-06-09 |
MFA, multifactor authentication, external authentication, order authentication, Symantec, phone-based authentication, cancel authentication order |
account |
{:shortdesc: .shortdesc} {:codeblock: .codeblock} {:screen: .screen} {:external: target="_blank" .external} {:tip: .tip}
{: #external}
As an administrator with the correct access, you can order external authentication and enable the multifactor authentication (MFA) option for a user's login. You are charged a monthly fee for the external authentication options. This type of multifactor authentication (MFA) is required only for the account where the setting is enabled unlike ID-based MFA. For more information, see Types of multifactor authentication. {:shortdesc}
{: #ordering}
You can order external authentication for a user if you are the master user or if you have the Manage User and Add/Upgrade Services permissions.
To order external authentication, complete the following steps:
- In the {{site.data.keyword.cloud}} console, click Manage > Access (IAM), and select Users.
- Select a user from the list.
- From the User details page, select Order external authentication in the Manage user's login section.
- Select Symantec identity protection or Phone-based identity protection.
- For Symantec authentication, the user must download the Symantec VIP{: external}
app and obtain a credential ID to continue with the ordering process. - For phone-based authentication, you can proceed with the order, but your user must set up their configuration before you can enable the option.
- For Symantec authentication, the user must download the Symantec VIP{: external}
- Based on your selection, follow the prompts to review the price and terms before you place the order.
- Click Order to finalize your selection.
After Symantec authentication is ordered, you can turn on the option for the user from the User details page. And, after phone-based authentication is ordered and then configured by the user, you can turn on the option for the user from the User details page.
{: #third-party-MFA}
You or your account administrator can order Symantec or phone-based authentication for you for a monthly cost. For you to order external authentication, you must have the add services classic infrastructure permission. To find out whether external authentication is enabled, go to {{site.data.keyword.avatar}} icon 
> Profile and settings, and select Login settings.
If your account administrator chooses to order Symantec identity protection, you must work with your administrator to help them complete the order by providing your credential ID:
- Go to Symantec VIP.
- Click Download.
- Get your credential ID and provide the ID to your administrator to complete the order.
After your administrator orders and enables the option, you can use the app for login authentication.
You can set up and use phone-based identity protection after your account administrator orders and enables it.
- Go to the {{site.data.keyword.avatar}} icon
> Profile and settings, and select Login settings. - If Phone-based MFA is disabled, click Go to User details.
- In the Manage user's login section, turn on phone-based authentication.
- To provide contact information for the authentication, click the Edit icon
. - Complete all the fields. You can specify whether to receive a phone call or a text message as the authentication method. If you want to require a PIN, select the option from the Pin type list, and provide the PIN you want to use.
- Click Apply.
{: #disable}
You can disable Symantec or phone-based MFA for a user at any time.
- In the console, click Manage > Access (IAM), and select Users.
- Select a user from the list.
- From the User details page, set the Symantec authentication or Phone-based authentication option to off.
{: #cancel}
You can cancel your order for external authentication at any time, if you have the correct access. You can choose to cancel immediately without any refund, or you can choose to cancel it at the one year mark from when you ordered it.
To cancel an order for external authentication, you must be an account owner or have all of the following access:
- Manage users classic infrastructure permission
- Cancel services classic infrastructure permission
- Administrator for the Support Center account management service or the view, edit, and add ticket migrated classic infrastructure permissions that are not available within the migrated permission access groups.
To cancel the external authentication order, complete the following steps:
- In the console, click Manage > Access (IAM), and select Users.
- Select a user from the list.
- From the User details page, click Delete
for the Symantec authentication or Phone-based authentication. - Select when to remove it.
- Click Remove.
