Two-factor authentication

Last update: April 04 2024

Two-factor authentication

VMware Cloud Director® supports two authentication methods — through the local user base and through SAML single sign-on (SSO) technology.

You can connect two-factor authentication using any service. With the Multifactor system, you can connect two-factor authentication via SSO for individual users. Local authentication will work in parallel. In Cloud Director, the user base with local access and access via SSO will be shared.

Connect two-factor authentication via Multifactor⁠

1. Install Multifactor.
2. Create SAML app.
3. Configure SAML application.
4. Add Users.

1. Install Multifactor⁠

1. Register in the Multifactor control panel.
2. Install the Multifactor mobile app.

2. Create SAML application⁠

1. In the Multifactor Control Panel, go to Resources.
2. Click Add Resource.
3. In the Site block, select SAML application.
4. Enter the name of the resource.
5. Select an account provider.
6. If you selected Active Directory, enter the portal address.
7. Optional: To have a user automatically created in Multifactor the first time they are authorized in Cloud Director, enable the Register new users toggle switch.
8. Optional: To have the system require the user to self-configure 2FA and prevent the user from logging in to Cloud Director without it, check the Enable Self-Configuration/Deny Access checkbox.
9. Click Save.
10. On the SAML application page in the Multifactor Metadata block, download the SAML application metadata file.

3. Customize SAML application⁠

1. From Control Panel, open the Cloud Director panel: Cloud powered by VMware → Cloud Director.

2. Open the Administration tab.

3. Go to Identity Providers → SAML.

4. Press Configure.

5. Open the Service Provider tab.

6. In the Entity ID field, insert the address of your cloud:

   • Moscow — https://vcd-msk.selectel.ru/tenant/<s-xxxx>/

   • St. Petersburg — https://vcd.selectel.ru/tenant/<s-xxxx>/

     Specify <s-xxxx> — organization name, can be viewed in the Cloud Director address bar or in control panel under VMware-based Cloud in the organization list.

7. Open the Identity Provider tab.

8. Turn on the Use SAML Identity Provider toggle switch.

9. Upload SAML application metadata file.

10. Press Save.

11. Open the Service Provider tab.

12. In the Service Provider Metadata field, click Retrieve Metadata. The metadata file will download to your device.

13. In the Multifactor Control Panel, go to Resources.

14. In the SAML application line, click Parameters.

15. In the Service Provider block, click Upload Metadata and upload the file.

4. Add users⁠

1. From Control Panel, open the Cloud Director panel: Cloud powered by VMware → Cloud Director.
2. Open the Administration tab.
3. Go to Access Control → Users.
4. Click Import Users.
5. Enter the logins of users who will be able to connect through SSO.
6. Select the role that will be assigned to users.
7. Press Save.

Log in with two-factor authentication⁠

1. From Control Panel, open the Cloud Director panel: VMware-based Cloud → Cloud Director.
2. In the upper right corner of the menu, click Log out.
3. This opens the Selectel vCloud Director Logout Page.
4. Click Login with Single Sign On.
5. Log in with your vendor account.
6. A one-time code will be sent to the Multifactor app.
7. Enter code.