Configure Google Multi-Factor Authentication (MFA)
If your organization has not standardized on SAML SSO for Aperture administrator logins, you can set up multi-factor authentication (MFA). You must be an Aperture Super Admin to set or change the authentication settings on the Aperture service. When you enable MFA for Aperture, you strengthen your security posture and protect your account by logging in with something you know (your password) and something you have (such as a verification code sent to your phone). Verification codes are uniquely crafted for your account and will be sent to your phone via text, voice call, or the Google mobile app.
- Configure your device for MFA. Your Android device must be running Android version 2.1 or later to use Google MFA. Your iPhone, iPod Touch, or iPad must have the latest operating system for your device, and your iPhone must be a 3G model or later in order to set up the app using a QR barcode.
- Log in to the Aperture service using your current credentials. Click Proceed to set up MFA. If you are a new administrator, you will be prompted to change your password. Your new password must be a minimum of 12 characters, and contain non-alphanumeric characters, digits, and upper and lower case letters.
- Install the Google Authenticator app to your mobile device.
- Link your mobile device to your account in Aperture.
- Using QR Barcode— Select Barcode View. If the authenticator app cannot locate a barcode scanner app on your mobile device, you may be prompted to download and install one. If you want to install a barcode scanner app so you can complete the setup, select Install, and then go through the installation process. Once the app is installed, reopen Google Authenticator, then point your camera at the barcode on your computer screen.
- Using Private Key— Select Private Key View and then enter the private key on your authenticator app.
- You will be prompted to Regenerate Key? to sync to the authenticator app. Click OK to receive two consecutive passcodes.
- In Aperture, enter the two passcodes and Save the setup.
- Read and Accept the End-User License Agreement (EULA). To test that the app is working, enter the verification Code from your mobile device and then Verify. A confirmation message will display if your code is correct. Save to exit the setup. If your code is incorrect, try generating a new verification code on your mobile device, and then entering it on your computer.
- Configure MFA in Aperture. As an Aperture Super Admin, you can change the Authentication settings for any account except your own. To change your Authentication settings, another Super Admin must configure your account.
Administrators will see this authenticator message after entering their Aperture credentials.
- Select Settings > Authentication.
- Select an Authentication method:
- Local Authentication— User access is granted only after successfully presenting a passcode pair or QR barcode evidence to the MFA mechanism.
- Single Sign-On— A single sign-on login event provides automatic access to multiple authenticated services, and a single logout event automatically ends the session for multiple services.
- Save your selection.
- Define the settings for local authentication.
- Enter the one-time password (OTP) prompt frequency in Local Authentication > Do not prompt for OTP: set it to 0 for all login attempts, or to a number of days from 1 to 7.
- In Block logins after consecutive incorrect passcodes, enter the number of incorrect login attempts allowed, between 1 and 30. Save your settings.
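The linking step (two consecutive passcodes from the private key) and the Block logins setting can be modelled in a few lines. This is an added example, not Aperture's own code: it assumes the private key is a Base32 TOTP secret with Google Authenticator's defaults (RFC 6238, HMAC-SHA1, 30-second steps, 6 digits), and the names `verify_pair` and `LoginGuard` are hypothetical.

```python
import base64, hashlib, hmac, struct

STEP = 30    # seconds per time step (RFC 6238 default, assumed here)
DIGITS = 6   # passcode length (Google Authenticator default, assumed here)

def decode_key(private_key: str) -> bytes:
    """Decode the Base32 key as typed into the app (spaces and case ignored)."""
    cleaned = private_key.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))

def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(key: bytes, now: float) -> str:
    return hotp(key, int(now) // STEP)

def verify_pair(key, first, second, now, window=1):
    """Accept enrollment only if `first` and `second` are the codes of two
    consecutive time steps. The search starts one step earlier than the
    usual clock-drift window because `first` may already have expired."""
    current = int(now) // STEP
    for c in range(current - window - 1, current + window + 1):
        ok_first = hmac.compare_digest(hotp(key, c), first)
        ok_second = hmac.compare_digest(hotp(key, c + 1), second)
        if ok_first and ok_second:
            return True
    return False

class LoginGuard:
    """Block logins after `limit` consecutive incorrect passcodes (1 to 30)."""
    def __init__(self, limit):
        if not 1 <= limit <= 30:
            raise ValueError("limit must be between 1 and 30")
        self.limit, self.failures = limit, 0

    def attempt(self, key, code, now):
        if self.failures >= self.limit:
            return "blocked"          # stays blocked even for a correct code
        if hmac.compare_digest(totp(key, now), code):
            self.failures = 0         # a success resets the consecutive count
            return "ok"
        self.failures += 1
        return "blocked" if self.failures >= self.limit else "rejected"
```

Requiring two consecutive codes proves the device holds the key and that its clock is close to the server's, which a single guessed code would not.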