Two Factor authentication (2FA) for Red Hat Customer Portal

Resolution

Two-factor authentication (2FA) is currently available for customers in two ways:

• Organizational 2-factor authentication - All users that belong to the organization account will be required to use a second factor each time they authenticate. Users will be prompted to enable 2FA upon the first log in after the organization account is enrolled.

• Individual opt-in 2-factor authentication - users choose to enable 2FA for their individual login after authenticating.

Note: The current implementation of 2FA only applies to applications using a browser-based authentication flow on external SSO. It does not apply to command line authentication flows. Users utilizing these services will still be able to log in with username and password, without a One Time Password (OTP).

• Currently, the RH implementation of 2FA requires that a user logging in possesses a mobile phone capable of installing either the FreeOTP or Google Authenticator application. Hardware and SMS tokens and other mobile authenticator apps are not supported at this time. Customers who must authenticate in a secure environment that does not enable them to carry a mobile device should not enable 2FA.

I want to enable two-factor authentication (2FA) for an individual Customer Portal login ID

Users can enable 2FA for their login ID via the Signing in page. See the product documentation for detailed information on set up.

I want to set up recovery codes

• All users who enable 2FA for their log in ID should set up recovery codes for use in the event they do not have access to their mobile device in order to produce a one-time code. The process for setting up recovery codes is outlined in the product documentation

I am an Organization Administrator of an account. I want to set up organizational 2-factor authentication for my account so that all users under the same account must use two-factor authentication (2FA)

• To enable organizational two-factor authentication, visit the Identity & Access Management area on the Hybrid Cloud Console beta site. While the UI for enabling this feature is on Hybrid Cloud Console, this feature affects log in on any Red Hat web property integrated with sso.redhat.com (Customer Portal, Partner Connect, Red Hat Developers, Hybrid Cloud Console itself, and many more). Refer to the product documentation for detailed information.

I am not sure if the login ID I am using is enabled with two-factor authentication (2FA)

• To see if the login ID is configured with two-factor authentication, login as the login ID in question. After entering your password, if you are not prompted for a 1-time code, the login is not configured with two-factor authentication.

I have already enabled two-factor authentication (2FA) and I want to revoke/remove it, or to add a new authenticator

• You can revoke the current authenticator and/or add a new one from the Signing in page.

You will no longer be asked 1-time code.

Users on accounts whose Organization Administrator has enabled two-factor authentication at the organization level as per above, will be prompted to configure 2FA for their user upon their next log in attempt.

I do not have access to the authenticator and have not set up recovery codes. I am not able to login to Customer Portal

*Contact Customer Service for assistance.