How to activate Two Factor Authentication

Two factor Authentication is also known as Two-Step Verification or Multi-factor authentication and abbreviated as 2FA, TFA or MFA. They all mean the same: expanding the amount of factors required for authentication. On our systems we use a 30 second valid One Time Password (OTP) that can be read from your smartphone.

Our implementation of the One Time Password is based on the open standards developed by the Initiative for Open Authentication (OATH). From these standards we use the HMAC based Time-based-One-Time-Password (TOTP) as specified in RFC 6238.

Activating Two Factor Authentication

Prerequisites to enabling Two Factor Authentication:

Be aware: Activating TFA also activates it for the API, thus requiring a valid OTP-Token to log in to the API. We advise you not to enable TFA on a user account that is used in code or automated processes.

The steps that are required to activate Two Factor Authentication:

  • Log in to our interface on
  • Click in the main menu on "Accounts" to go to your account data

  • Click on the button "Enable Two Factor Authentication"

  • Scan the barcode with the Authenticator App, or fill it in manually.
  • To validate the Authenticator's proper operation,  fill in the 6 digit OTP-Token in the form, at this point the secret is not set, and TFA is not enabled. Click on the "validate and set the OTP Secret" button. If the OTP-Token is valid, Two Factor Authentication is enabled.

  • You are done now. TFA is active. Every login from now on requires the 6 digit OTP-Token to be typed directly after your password.
  • Input the 6 digit OTP-Token directly after your password (with no spaces between the two) in the Password field:

    When the Token is missing or invalid, an extra input field will appear to remind you TFA is enabled for that account. For you convience, that input field can also be used to insert the OTP-Token.

  • If you are using the API and the OTP-Token is invalid or missing, the error message in the responsebody for the login request will be:

    { "error": {
      "message": "Additional authentications steps required.",
      "code": 401,
      "identity": null,
      "title": "Unauthorized" } }


General FAQ

Show all FAQs

OpenStack FAQ

Show all FAQs


Show all FAQs