Last Updated: September 2020
These settings require the
isodate libraries to be installed. Starting with Tethys 5.0 or if you are using
micro-tethys-platform, you will need to install these libraries using conda or pip as follows:
# conda: conda-forge channel strongly recommended
conda install -c conda-forge django-mfa2 arrow isodate
pip install django-mfa2 arrow isodate
Tethys allows you to enable/enforce the use of multi factor authentication through apps such as LastPass Authenticator or Google Authenticator. This capability is provided by Django MFA2. This tutorial will show you how to enable that functionality.
Several options in your
portal_config.yaml file can be changed to customize the multi-factor authentication for your portal. See: the Django MFA2 Documentation for more information about the different options. These are the default settings:
TOKEN_ISSUER_NAME: 'Tethys Portal'
Multifactor authentication is on by default but is not required. However, you it can be required by setting
If you setup the Email option, users will be able to receive MFA codes through their email. Enabling this option for your multi factor authentication requires some extra setup.
'Email'from the MFA_UNALLOWED_METHODS list in your portal config.
Setup emailing capabilities for your Tethys Portal. If you have a Gmail account you can use the free Gmail SMTP service as follows:
EMAIL_FROM: 'My Name'
Follow these steps to enable multi factor authentication on your account:
Log in to the Tethys Portal
Navigate to the settings for your account by selecting "User Settings" from the drop down menu next to your username.
Press the Configure button next to the 2-Step Verification setting under the Credentials section.
Select the method you would like to enable from the Add Method menu.
The MFA methods table will show a list of all enabled MFA methods. Use the Add Method button to add a new method.
Follow the on-screen instructions and enter the code to verify your method.
Example of adding an authenticator app. Scan the QR code using an authenticator app on your phone such as Google Authenticator or Lastpass Authenticator.
Example of adding an email method. You will need to have set your email address on your profile to receive the codes through emails.
If you choose the Email MFA option, you must also provide an email in your profile.
Log out and log back in to verify that you are prompted for the second factor.