Multi-Factor Authentication
Veeam Backup for Google Cloud multi-factor authentication (MFA) is based on the Time-based One-Time Password (TOTP) method. This method requires a user to install an authentication application on the trusted device. The authentication application will generate temporary six-digit codes used to verify the user identity.
To enable MFA for a specific user, do the following:
Request:
  POST https://123.123.123.123:13140/api/v1/accounts/users/administrator/mfaEnable
Request Header:
  x-api-version:1.3-rev0
  Authorization: Bearer YSEoaL6H9EEyJpnrJ9WhLtzbrrBBYWqMQFDBQuLnp13qGQX6MjNfZ_wriPIRHQrbY-8dYtsWcRZQczIHVuSqbnVb00m-yOihPZZHQ48aP1VcgUtgnYTvtAO3WRJ1cJ8VaIXzsVYKIGrLa1Lm41LsjpMiiPZytkqIUUiphhlXn7Vm10xlTzQUe0TU3HmXK-KD2MiB6qBImaISkEjgCmyIsurSN2mHi1Qo8VlZadnhkBd3v6nD5GEb8Gh4Zw7YAv5klmrnM0iBu7xhev2hVMZvKHGXvGshI3gS24-hIWbSsBGarVnRLSiUzor6QExTGShSa7pIeJWsAtJXLF5a3oSUooUv_YMYe8d5iZEouUuirrw
Request Body:
  {
    "recreate": "false"
  }
Response:
  200
Response Body:
  {
    "response": {
      "qrString": "otpauth://totp/administrator@ap-ubuntu-2?secret=P6JV3GGODIMXHOUZ2OAXN3S2LQ&issuer=ap-ubuntu-2",
      "secretKey": "P6JV3GGODIMXHOUZ2OAXN3S2LQ",
      "scratchCodes": [
        "13433973",
        "96799468",
        "19712857",
        "22056331",
        "90916425"
      ],
      "token": "NEQ0RTY2RUNFNzAxQjdCMjE0MjVEOTRDOTMwRTlDNEY3RThDRkZBODM3MTY1N0E2NUUyQkYxNjAwQTYyNDlGNA=="
    },
    "issues": []
  }
- Install a supported authentication application on the trusted device.
- Open the authentication application, create an account and enter the secret key manually.
The authentication application will generate a six-digit verification code.
Tip
You can use a QR code to create an account in the authentication application:
The authentication application will automatically create an account and generate a six-digit verification code.
In the request body, specify the following parameters:
- code — the six-digit verification code generated by the authentication application on the trusted device.
- token — the token previously received from the authorization server.
Request:
  POST https://123.123.123.123:13140/api/v1/accounts/users/administrator/mfaAccepted
Request Header:
  x-api-version:1.3-rev0
  Authorization: Bearer YSEoaL6H9EEyJpnrJ9WhLtzbrrBBYWqMQFDBQuLnp13qGQX6MjNfZ_wriPIRHQrbY-8dYtsWcRZQczIHVuSqbnVb00m-yOihPZZHQ48aP1VcgUtgnYTvtAO3WRJ1cJ8VaIXzsVYKIGrLa1Lm41LsjpMiiPZytkqIUUiphhlXn7Vm10xlTzQUe0TU3HmXK-KD2MiB6qBImaISkEjgCmyIsurSN2mHi1Qo8VlZadnhkBd3v6nD5GEb8Gh4Zw7YAv5klmrnM0iBu7xhev2hVMZvKHGXvGshI3gS24-hIWbSsBGarVnRLSiUzor6QExTGShSa7pIeJWsAtJXLF5a3oSUooUv_YMYe8d5iZEouUuirrw
Request Body:
  {
    "code": "475112",
    "token": "NEQ0RTY2RUNFNzAxQjdCMjE0MjVEOTRDOTMwRTlDNEY3RThDRkZBODM3MTY1N0E2NUUyQkYxNjAwQTYyNDlGNA=="
  }
A successfully completed operation returns the 200 response code.
Note
In case of losing access to the authentication application:
Request:
  POST https://123.123.123.123:13140/api/v1/accounts/users/administrator/mfaDisable
Request Header:
  x-api-version:1.3-rev0
  Authorization: Bearer YSEoaL6H9EEyJpnrJ9WhLtzbrrBBYWqMQFDBQuLnp13qGQX6MjNfZ_wriPIRHQrbY-8dYtsWcRZQczIHVuSqbnVb00m-yOihPZZHQ48aP1VcgUtgnYTvtAO3WRJ1cJ8VaIXzsVYKIGrLa1Lm41LsjpMiiPZytkqIUUiphhlXn7Vm10xlTzQUe0TU3HmXK-KD2MiB6qBImaISkEjgCmyIsurSN2mHi1Qo8VlZadnhkBd3v6nD5GEb8Gh4Zw7YAv5klmrnM0iBu7xhev2hVMZvKHGXvGshI3gS24-hIWbSsBGarVnRLSiUzor6QExTGShSa7pIeJWsAtJXLF5a3oSUooUv_YMYe8d5iZEouUuirrw
A successfully completed operation returns the 200 response code.
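The following added example (not Veeam code) shows what the authentication application does with the qrString returned by mfaEnable: it parses the provisioning URI and derives the six-digit code with the RFC 6238 algorithm. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step) because the sample qrString sets no algorithm or period; the function names and the one-step drift window in verify() are illustrative, not the product's documented behavior.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, unquote, urlparse

# qrString copied from the sample mfaEnable response on this page.
QR_STRING = ("otpauth://totp/administrator@ap-ubuntu-2"
             "?secret=P6JV3GGODIMXHOUZ2OAXN3S2LQ&issuer=ap-ubuntu-2")

def parse_otpauth(uri):
    """Split a TOTP provisioning URI into its parameters."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("provisioning URI carries no secret")
    return {
        "label": unquote(u.path.lstrip("/")),
        "issuer": q.get("issuer"),
        "secret": q["secret"],
        # Assumption: parameters absent from the URI take RFC 6238 defaults.
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
        "algorithm": q.get("algorithm", "SHA1"),
    }

def totp(secret, at, digits=6, period=30, algorithm="SHA1"):
    """Return the code for Unix time `at` (RFC 6238, RFC 4226 truncation)."""
    # The page's secretKey is unpadded Base32; restore padding before decoding.
    key = base64.b32decode(secret.upper() + "=" * (-len(secret) % 8))
    counter = struct.pack(">Q", int(at) // period)
    mac = hmac.new(key, counter, getattr(hashlib, algorithm.lower())).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, code, at, window=1, **params):
    """Server-side check; accepting `window` steps of drift is an assumption."""
    period = params.get("period", 30)
    return any(
        hmac.compare_digest(totp(secret, max(0, at + d * period), **params), code)
        for d in range(-window, window + 1)
    )

if __name__ == "__main__":
    import time
    p = parse_otpauth(QR_STRING)
    print(p["label"], totp(p["secret"], time.time(), p["digits"], p["period"]))
```

Anyone who holds secretKey (or the qrString that embeds it) can compute valid codes this way, so treat the mfaEnable response body as a credential and keep it out of logs and shell history.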