Manage Multi-Factor Authentication

Multi-factor authentication (MFA) is supported in DevOps Secrets Safe by defining MFA configurations and then associating DevOps Secrets Safe principals with those configurations and the corresponding identities in remote MFA providers.

Multi-factor authentication can be configured using the Command line interface or the API. Management permissions for MFA configurations are Create, Read, Update, and Delete operations on the resource path: /system/multi_factor.

List Multi-Factor Authentication Provider Configurations

ssrun mfa get

This command returns a JSON array of all MFA provider configurations.

ssrun mfa get
[
  {
    "Type": "duo",
    "Name": "BeyondTrustDuo",
    "Options": {
      "IntegrationKey": "my integration key",
      "SecretKey": "my-secret-key",
      "Host": "api-myorg.duosecurity.com"
    }
  },
  {
    "Type": "duo",
    "Name": "Secrets Safe Duo",
    "Options": {
      "IntegrationKey": "secrets safe integration key",
      "SecretKey": "dss-secret-key",
      "Host": "api-dss.duosecurity.com"
    }
  }
]

Create Multi-Factor Authentication Provider Configuration

ssrun mfa create -f myConfig.json

This command creates the MFA configuration described in the file myConfig.json.

For valid configuration samples, please see Configure Supported Multi-Factor Authentication Providers.

Update Multi-Factor Authentication Provider Configuration

ssrun mfa update -f updatedConfig.json -n <my_configuration_name>

This command updates the MFA configuration with the contents of the updatedConfig.json configuration file.

The name field for a configuration is static and cannot be changed by an update operation. All other fields are eligible for modification.

Delete Multi-Factor Authentication Provider Configuration

ssrun mfa delete -n <my_configuration_name>

This command deletes the configuration named <my_configuration_name>.