Skip to main content

Use MFA

Introduction to 2FA

Two-Factor Authentication (2FA) is a kind of Multi-Factor Authentication (MFA).

2FA typically uses the Time-based One-Time Password Algorithm (TOTP) for authentication. If the value generated on the user’s device matches the value computed on the server within an acceptable time window, the verification passes.

This algorithm does not require internet connectivity or client-server interaction during code generation, making it more secure than SMS-based verification (which can be intercepted).

Scope

BladePipe 2FA is primarily used in the login process of BladePipe Enterprise.

After entering the correct username/password or verification code, if MFA is enabled, users must enter the 6-digit code generated by an authenticator app for a second verification.

MFA settings can be configured separately for primary account and sub-accounts. Supported authenticator apps include Microsoft Authenticator and Google Authenticator.

Enable MFA

  1. Log in to the BladePipe Console.
  2. Go to Settings > Profile > Security.
  3. Click Set Up, then scan the QR code using your authenticator app. A BladePipe item will appear in the app.
  4. Enter the latest 6-digit code and confirm. MFA is now enabled.

Use MFA

  1. Log in to the BladePipe Console by entering your username and password, then click Sign in.
  2. Open your authenticator app, find BladePipe, and enter the 6-digit code.
info

Step 2 has a 120-second timeout limit. If it times out, return to the login page and re-enter your username and password.

Disable MFA

  1. Log in to the BladePipe Console.
  2. Go to Settings > Profile > Security.
  3. Enter the 6-digit code from your authenticator app. If verification passes, MFA will be disabled for the current account.
  4. Remove the corresponding BladePipe item from your authenticator app.

Reset MFA

  1. Log in to the BladePipe Console.
  2. Go to Settings > Profile > Security.
  3. Click Reset, then scan the QR code using your authenticator app. If the app prompts that BladePipe already exists, you can save it under a different name.
  4. Enter the latest 6-digit code and confirm. MFA is now reset.
  5. Remove the old BladePipe item from your authenticator app.
info

If a name conflict occurs in Step 3, do not delete the old BladePipe item immediately. If you delete it first and the reset process is interrupted, you will not be able to complete the reset.

In that case, MFA can only be reset by modifying account metadata.

FAQ

Q:
I enabled MFA, but I lost/changed my phone, deleted the BladePipe item in my authenticator app, or uninstalled the authenticator app. What should I do?

A:
If you are still logged in to BladePipe, you can initialize MFA by following the Reset MFA steps above.

If you cannot log in, you will need to log into the BladePipe metadata database (clougence_rdp), update the use_mfa field to 0 for the affected user in the rdp_user table, and delete the corresponding user record from the rdp_user_mfa table.