Skip to main content

Using Multi-Factor Authentication (MFA) to Sign In to the Server

The administrator can set your user account to enforce the use of multi-factor authentication (MFA). Then, as the user you first have to activate MFA for your account the next time you sign in to the CODESYS Automation Server. For this purpose, you are prompted to register a mobile device to generate a time-limited token. For example, this can be a smartphone with a suitable app. For each sign-in operation on the server, let this app generate the current token and enter it in addition to the user name and password.

Tip

Even if you want to connect to the CODESYS Automation Server via the CODESYS Automation Server Connector, the default browser opens for activated MFA (or not activated but enforced MFA) in addition to the sign-in dialog of the client. It requires the token, or it first requires the registration and activation of MFA.

Tip

For more information on security and 0_Global: Produkt CAS see: Security für den CODESYS Automation Server

If multi-factor authentication (MFA) is enforced for your user account, then the following situations are possible for signing in to the server:

Procedure. You are signing in to the CODESYS Automation Server for the first time.
  1. The Sign In view is displayed in the default browser. Or if you want to sign in via the CODESYS Automation Server Connector, the Sign In for External Client view is displayed.

    You are reminded that MFA is enforced, and that in order to activate it, you first have to register a mobile device as an authenticator. To do this, have a mobile device (for example, a smartphone) with a suitable app for scanning QR codes and generating a token.

    _cas_dlg_sign_in_mfa.png
  2. Click the Show MFA Settings_cas_icon_mfa_not_enforced.png button.

    The MFA Settings for user <user name> dialog opens. It reminds you that you have not yet registered a mobile device as an authenticator.

    _cas_dlg_sign_in_mfa_authenticator.png
  3. Click the Initialize button.

    The MFA Settings for user <user name> – Authenticator dialog opens.

    _cas_dlg_sign_in_mfa_authenticator_qr_code.png
  4. Use your mobile device to scan the displayed QR code. As an alternative, you could also enter the security key, which is displayed below the QR code, into the authenticator app. Let the authenticator app generate a token. Enter this six-digit token in the dialog and click Close.

    The registration is complete.

Procedure. You have already scanned a QR code during a previous registration operation.
  1. Let the app on your registered mobile device generate a current token.

  2. In the sign-in dialog, enter the User name, Password, and the currently generated six-digit Authenticator code.

    _cas_dlg_sign_in_mfa_already_registered.png

    The registration is complete.