Backstage Help

Using Multi-factor Authentication with Backstage

Last updated Oct 11, 2022

This article explains how to use multi-factor authentication with Backstage

Registering

This article assumes that you've already registered a multi-factor authentication (MFA) device with Backstage. If you haven't and would like to, please follow the following article to get started: Registering for Multi-factor Authentication.

How to use each method

Backstage supports the following MFA methods:

  • App-based authenticator OTP (OATH): a 6-digit, limited-time password generated by a mobile device. Usable with the
      ForgeRock or the Google Authenticator app, available in the App Store and the Google Play Store.
  • Push authentication: Push message based authentication with a mobile device; requires the ForgeRock
      Authenticator app.
  • WebAuthn: Hardware token (e.g. YubiKey) or biometric (e.g. Touch ID) authentication in your
      browser. Please note that WebAuthn is only supported in the latest versions of Chrome, Firefox and Edge.

The following sections provide a step-by-step guide on how to use each method of MFA.

App-based authenticator one-time password (OTP)

  1. The first step in the authentication flow is to enter your username and password.
  2. You will be presented with a page and prompted to enter the OTP from the Forgerock Authentication app or another app such as the Google Authenticator. Please note that the OTP required here is generated by the app on the mobile device that you used to register. The OTP is not sent in an email or SMS.
  1. Open the authenticator app (the screenshot below shows the ForgeRock Authenticator app) and enter the OTP from the app into the input field in your browser:
  1. The OTP is then verified and if it's valid, then the authentication flow continues.

Push Authentication

  1. The first step in the authentication flow is to enter your username and password.
  2. A push notification will be sent to the device you registered and a spinner will be shown in your browser, as seen below:
  1. Open the ForgeRock authenticator app and choose “Accept” to validate the request:
  1. The authentication flow will then continue in your browser.

WebAuthn

  1. The first step in the authentication flow is to enter your username and password.
  2. You will then be prompted to insert your hardware token or complete biometric verification:
  1. If verification is successful, then the authentication flow will continue.

Recovery

If, for whatever reason, you can no longer use your MFA device to authenticate, please follow the steps in the following article to recover your account: Backstage Account Recovery.
Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.