> ## Documentation Index
> Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Using Multifactor Authentication

|                       |               |                  |             |             |
| --------------------- | ------------- | ---------------- | ----------- | ----------- |
| **Role Availability** | **Read-Only** | **Investigator** | **Analyst** | **Manager** |

To protect your USM Anywhere account, enable <Tooltip tip="A method of access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge, possession, and inherence.">multifactor authentication (MFA)</Tooltip>. MFA adds extra security because it requires multiple factors to <Tooltip tip="Process used to verify the identity of a user, user device, or other entity, usually through a username and password.">authenticate</Tooltip> a user, making it more difficult for an unauthorized person to gain access to the account. In USM Anywhere, MFA provides a layered defense of two independent credentials: what you know (your username and password) and what you have (security token on your personal device).

To use multifactor authentication in USM Anywhere, you must have a mobile device that supports an Authenticator app. LevelBlue recommends the [Google Authenticator app](https://support.google.com/accounts/answer/1066447), which is available for iOS and Android devices. Google Authenticator implements two-step verification services using the Time-Based One-Time Password (TOTP) algorithm and HMAC-Based One-Time Password (HOTP) algorithm for authentication.

<AccordionGroup>
  <Accordion title="Configuring MFA for Your Account">
    Before you set up MFA for your account, you must install the Authenticator app on your device.

    **To configure MFA for your account**

    1. In the lower-left corner of the USM Anywhere web user interface (UI), click the <img src="https://mintcdn.com/levelblue-5324744e/COENAgK6Qeclbd0h/images/usm-anywhere/user.svg?fit=max&auto=format&n=COENAgK6Qeclbd0h&q=85&s=ec16127774f722904f8f8c7418e33754" className="inline" width="24" height="24" data-path="images/usm-anywhere/user.svg" /> icon, and then select **Profile Settings**.

    2. Select Enable **Multi-Factor Authentication**, and then click **Save**.

           <Frame>
             <img src="https://mintcdn.com/levelblue-5324744e/JttNYaikKbN1las-/images/usm-anywhere/mfa-enable_thumb_0_60.webp?fit=max&auto=format&n=JttNYaikKbN1las-&q=85&s=8abf8e0c6fc1ba754b636341049af794" alt="" width="38" height="60" data-path="images/usm-anywhere/mfa-enable_thumb_0_60.webp" />
           </Frame>

    3. Click the <img src="https://mintcdn.com/levelblue-5324744e/COENAgK6Qeclbd0h/images/usm-anywhere/user.svg?fit=max&auto=format&n=COENAgK6Qeclbd0h&q=85&s=ec16127774f722904f8f8c7418e33754" className="inline" width="24" height="24" data-path="images/usm-anywhere/user.svg" /> icon, and then select **Logout**.

    4. Click **Login**.

    5. On the login page, enter your username and password, and then click **Login**.

       USM Anywhere displays the Multi-factor authentication page to prompt you to complete your MFA configuration. The displayed page provides a unique QR code that is used by the Authenticator app to retrieve a verification code.

           <Frame>
             <img src="https://mintcdn.com/levelblue-5324744e/JttNYaikKbN1las-/images/usm-anywhere/mfa-qr-code-new_thumb_0_60.webp?fit=max&auto=format&n=JttNYaikKbN1las-&q=85&s=334120ea84f64ce1c1dfe57315928089" alt="" width="37" height="60" data-path="images/usm-anywhere/mfa-qr-code-new_thumb_0_60.webp" />
           </Frame>

    6. Open the Authenticator app on your device.

    7. Scan the QR code using the Authenticator app.

    8. Enter the one-time passcode in the text box of the USM Anywhere, and then click **Verify Code and Login**.
  </Accordion>

  <Accordion title="Activating Required MFA">
    Users in a manager role can require non-admin users to log in using MFA. If a manager user enables this setting and you do not already have MFA configured, you will be prompted to set up MFA upon your next log in.

    Before you set up MFA for your account, you must install the Authenticator app on your device.

    **To activate required MFA**

    1. On the login page, enter your username and password, and then click **Login**.

       USM Anywhere displays the Multi-factor authentication page to prompt you to complete your MFA configuration. The displayed page provides a unique QR code that is used by the Authenticator app to retrieve a verification code.

           <Frame>
             <img src="https://mintcdn.com/levelblue-5324744e/JttNYaikKbN1las-/images/usm-anywhere/mfa-qr-code-new_thumb_0_60.webp?fit=max&auto=format&n=JttNYaikKbN1las-&q=85&s=334120ea84f64ce1c1dfe57315928089" alt="" width="37" height="60" data-path="images/usm-anywhere/mfa-qr-code-new_thumb_0_60.webp" />
           </Frame>

    2. Open the Authenticator app on your device.

    3. Scan the QR code using the Authenticator app.

    4. Enter the one-time passcode in the text box of the USM Anywhere, and then click **Verify Code and Login**.
  </Accordion>

  <Accordion title="Changing Your Authentication Device">
    In the event that you lose or change your mobile device, there is a function to reset the MFA for your user account. Another user in your USM Anywhere environment can edit your user account to reset the QR code used to pair the device with your account.

    **To change your authentication device**

    1. Go to **Settings > Users**.

    2. Click the <img src="https://mintcdn.com/levelblue-5324744e/2zcwC17_yhGqZqy4/images/usm-anywhere/pencil-new.svg?fit=max&auto=format&n=2zcwC17_yhGqZqy4&q=85&s=3fe3fa0ee6ce2b44857bf81d5ab975d9" className="inline" width="24" height="24" data-path="images/usm-anywhere/pencil-new.svg" /> icon of the user for whom you want to reset the MFA account. Your role must be Manager.

    3. Click **Reset Multi-Factor Authentication**.

           <Frame>
             <img src="https://mintcdn.com/levelblue-5324744e/JttNYaikKbN1las-/images/usm-anywhere/mfareset_thumb_0_60.webp?fit=max&auto=format&n=JttNYaikKbN1las-&q=85&s=5933439e68f1fe7f2b1c99f5b69a7400" alt="" width="78" height="60" data-path="images/usm-anywhere/mfareset_thumb_0_60.webp" />
           </Frame>

       A message displays at the top of the page to inform you about the success of the MFA reset request.

    4. Click **Cancel**.
       After the reset, USM Anywhere displays the Multi-factor authentication page at your next <Tooltip tip="Log in (verb): Process in which an individual gains access to a computer system after providing sufficient credentials to authenticate their unique identity. Login (noun): User credentials, typically a username and matching password.">login</Tooltip>. Follow the same steps to set up the authentication with the new device.
  </Accordion>
</AccordionGroup>

## <img src="https://mintcdn.com/levelblue-5324744e/COENAgK6Qeclbd0h/images/usm-anywhere/vid.svg?fit=max&auto=format&n=COENAgK6Qeclbd0h&q=85&s=4704896d23dd78d37cf9301ef9aa48fd" className="inline" width="24" height="24" data-path="images/usm-anywhere/vid.svg" /> Related Video Content

<Frame>
  <iframe src="https://player.vimeo.com/video/318615849" width="640" height="360" frameborder="0" allow="autoplay; fullscreen" allowfullscreen />
</Frame>

To view other related training videos, [click here](https://cybersecurity.att.com/training/self-paced-training).