Registering multiple 2FA users with Google Authenticator configuration delivered by Email
Rohos Management Tools provides a secure way to set up multiple users or authentication devices. It is now easy to set up a list of users with Google Authenticator 2FA. It is also possible to automatically send each user an email message that includes the Google Authenticator setup instructions. The most secure way is to use corporate email.
New ways to register multiple users or 2FA tokens: by using a CSV file or a PowerShell script.
New ways to set up multiple keys and users:
- By using a CSV file with the list of users and 2FA key serial numbers.
This method works for the following types of authentication media: PKCS#11 tokens, USB flash drives, Yubikey, RFID tags.
- By using the PowerShell script.
The script allows you to:
– Configure a group of users with the Google Authenticator 2FA configuration;
– Deliver the Google Authenticator configuration to the user by email;
– Use a custom delivery method such as SMS or a text file;
– Resend or delete the 2FA configuration for already registered users.
How to register multiple user accounts with Google Authenticator 2FA
Open Rohos Remote Config > Import > “Click here to register users with Google Auth”
This opens the PowerShell ISE editor with the setupGoogleAuthUsers.ps1 script.
How to edit and run the setupGoogleAuthUsers.ps1 script:
- Create an AD group and add the users that need to be configured with Google Authenticator 2FA to that group.
- Set the $ImportGroupName variable to the group name.
- Set up the email delivery options:
Set $NotifyByEmail = $true, and edit the $EmailNotificationText variable with an appropriate message.
Please note: the email field of the user account is used to get the email address for each user.
- Run the script and ensure that the users have received the OTP configuration by email.
- The script writes output that lists the successfully configured users and their notification email addresses.
- Depending on the 2FA control type selected in Rohos (if set to “for user group in AD”), you also need to add these users to the 2FA group specified in Rohos Logon in order to apply 2FA control on Windows Terminal Server or workstations.
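Because the script mails each user's OTP configuration to whatever address is in the account's email field, it is worth checking the import group before setting $NotifyByEmail = $true. The following pre-flight check is an added example, not part of setupGoogleAuthUsers.ps1 or any Rohos tool; the group name, the corporate domain, the Test-OtpMailTarget function and the mapping of the email field to the AD "mail" attribute are assumptions.

```powershell
# Added pre-flight check; not Rohos code. Flags accounts whose OTP mail would
# go nowhere or to a mailbox outside the corporate domain.
$ImportGroupName = 'GoogleAuth-Import'  # hypothetical AD group name
$CorporateDomain = 'example.com'        # hypothetical corporate mail domain
$UseDirectory    = $false               # $true: query AD (needs the ActiveDirectory module)

function Test-OtpMailTarget {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [string] $Domain
    )
    process {
        $mail = [string]$User.mail      # $null becomes an empty string
        if (-not $User.Enabled) { $status = 'Skip: account disabled' }
        elseif ([string]::IsNullOrWhiteSpace($mail)) { $status = 'Fix: email field empty' }
        elseif ($mail -notmatch '^[^@\s]+@[^@\s]+$') { $status = 'Fix: malformed address' }
        elseif (($mail -split '@')[1] -ne $Domain) { $status = 'Review: non-corporate mailbox' }
        else { $status = 'OK' }
        [pscustomobject]@{ User = $User.SamAccountName; Mail = $mail; Status = $status }
    }
}

if ($UseDirectory) {
    # Assumption: the "email field" the page mentions is the AD "mail" attribute.
    $users = Get-ADGroupMember -Identity $ImportGroupName -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Properties mail
} else {
    # Constructed sample records shaped like Get-ADUser output.
    $users = @(
        [pscustomobject]@{ SamAccountName = 'alice'; mail = 'alice@example.com'; Enabled = $true }
        [pscustomobject]@{ SamAccountName = 'bob';   mail = $null;               Enabled = $true }
        [pscustomobject]@{ SamAccountName = 'carol'; mail = 'carol@webmail.test'; Enabled = $true }
        [pscustomobject]@{ SamAccountName = 'dave';  mail = 'dave@example.com';  Enabled = $false }
    )
}

$report = @($users | Test-OtpMailTarget -Domain $CorporateDomain)
$report | Format-Table -AutoSize

# Anything not 'OK' should be resolved before OTP secrets are sent by email.
$blocked = @($report | Where-Object Status -ne 'OK')
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) account(s) need attention before enabling `$NotifyByEmail."
}
```

With the constructed sample data, alice is reported as OK and the other three accounts are flagged, so the warning reports 3 accounts.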