Skip to main content
Two-factor authentication
Last update:

Two-factor authentication

VMware Cloud Director® supports two authentication methods — through the local user base and through SAML single sign-on (SSO) technology.

You can connect two-factor authentication using any service. Using the system Multifactor you can connect two-factor authentication via SSO for individual users. Local authentication will work in parallel. In Cloud Director, the user base with local access and SSO access will be shared.

Connect two-factor authentication via Multifactor

  1. Install Multifactor.
  2. Create a SAML application.
  3. Customize the SAML application.
  4. Add users.

Install Multifactor

  1. Check in Multifactor control panels.
  2. Install the Multifactor mobile app.

Create a SAML application

  1. В Multifactor control panels go to Resources.
  2. Click Add resource.
  3. In the block Website select SAML application.
  4. Enter the name of the resource.
  5. Select an account provider.
  6. If you've chosen Active Directory, enter the portal address.
  7. Optional: to have the user automatically created in Multifactor the first time he/she authorizes in Cloud Director, enable the toggle switch Register new users.
  8. Optional: for the system to require the user to configure the 2FA and not allow authorization in Cloud Director without it, check the checkbox Enable self-customization/ Deny access.
  9. Click Save.
  10. On the SAML application page in the block Multifactor metadata download the SAML application metadata file.

customize SAML application

  1. From control panels open the Cloud Director panel: VMware-based cloudCloud Director.

  2. Open the tab Administration.

  3. Go to the section Identity ProvidersSAML.

  4. Click Configure.

  5. Open the tab Service Provider.

  6. In the field Entity ID paste in the address of your cloud:

    • Moscow — https://vcd-msk.selectel.ru/tenant/<s-xxxx>/
    • St. Petersburg — https://vcd.selectel.ru/tenant/<s-xxxx>/

    Specify <s-xxxx> — organization name, can be viewed in the Cloud Director address bar or in the control panels under VMware-based cloud on the list of organizations.

  7. Open the tab Identity Provider.

  8. Turn on the toggle switch Use SAML Identity Provider.

  9. Download SAML application metadata file.

  10. Click Save.

  11. Open the tab Service Provider.

  12. In the field Service Provider Metadata click Retrieve Metadata. The metadata file will download to your device.

  13. В Multifactor control panels go to Resources.

  14. In the SAML application line, click Parameters.

  15. In the block Service provider click Download metadata and download the file.

Add users

  1. From control panels open the Cloud Director panel: VMware-based cloudCloud Director.
  2. Open the tab Administration.
  3. Go to the section Access ControlUsers.
  4. Click Import Users.
  5. Enter the logins of users who will be able to connect through SSO.
  6. Select the role that will be assigned to users.
  7. Click Save.

Sign in with two-factor authentication

  1. From control panels open the Cloud Director panel: VMware-based cloudCloud Director.
  2. In the upper right corner in the menu click Log out.
  3. The page opens Selectel vCloud Director Logout Page.
  4. Click Login with Single Sign On.
  5. Log in with your vendor account.
  6. A one-time code will be sent to the Multifactor app.
  7. Enter code.