Multi-Factor Authentication

Secure access to Stax for local users with multi-factor authentication

On This Page
Before You BeginEnable MFA For A UserDisable MFA For a UserKnown IssuesSee also

Multi-factor authentication (MFA) allows securing of users' credentials within Stax that are not associated with a Single Sign-On provider. Enabling MFA provides additional security by requiring that a second proof of identity be provided before a user is granted access to the Stax Console.

As of 12 October 2021, this feature is currently in Preview. During the early preview of MFA functionality, this functionality is not directly accessible in the Stax console. Review Access Stax Preview Features for more information on what this means. See known issues below for details on current limitations.

Before You Begin

  • Determine your Organization Alias (You use this when logging in to the Stax console)
  • Determine your installation identifer. Remove the leading stax- prefix. For example, stax-us1 becomes us1.

Enable MFA For A User

  1. Log in to the Stax console as the user you wish to enable MFA for

  2. In the address bar of your web browser, enter the following URL, replacing <org-alias> and <installation> with your Organization Alias and truncated installation identifier respectively:

    https://id.security.<org-alias>.<installation>.staxapp.cloud/auth/realms/master/account/totp

    For example, for the stax-demo organization in the stax-au1 region, the URL is as follows: https://id.security.stax-demo.au1.staxapp.cloud/auth/realms/master/account/totp

  3. Using Microsoft Authenticator, Google Authenticator, or another similar MFA application that supports TOTP, scan the QR code on the web page. Enter a name for the device, as well as the current One-time code, then choose Save

    Authenticator Configuration
  4. Next time you log in to the Stax console, or using stax2aws, you will be prompted to provide a one-time code from your TOTP application. Upon successfully entering the code, you will be logged in to Stax

    One-time code

Disable MFA For a User

  1. Log in to the Stax console as the user you wish to disable MFA for

  2. In the address bar of your web browser, enter the following URL, replacing <org-alias> and <installation> with your Organization Alias and truncated installation identifier respectively:

    https://id.security.<org-alias>.<installation>.staxapp.cloud/auth/realms/master/account/totp

    For example, for the stax-demo organization in the stax-au1 region, the URL is as follows: https://id.security.stax-demo.au1.staxapp.cloud/auth/realms/master/account/totp

  3. Click the delete icon next to to the authentication device. The authenticator will be removed immediately and MFA will be disabled for the user

    Configured Authenticators

Known Issues

  • MFA must be enabled on a per-user basis, by the user, and cannot be enforced organization-wide at this time
  • MFA status is not currently exposed in the Stax API, and as such cannot be reliably determined at an organization-wide level. If you require this detail, please raise a support case requesting a report of MFA status
  • Administrators cannot currently reset MFA tokens on behalf of users, this must be achieved by raising a support case for assistance

See also