Get Started Knowledge Base FAQs Troubleshooting Latest Release
Submit a Ticket

Menu

    Configure Multi-Factor Authentication

    Avatar
    Heather McLeod
    • Updated

    This article was updated to support v12.1.4 of Goliath Performance Monitor

     

    Goliath Performance Monitor supports Role Based Security for accessing the web console. To add an additional layer of security to the application, multi-factor authentication (MFA) can be configured globally for all Goliath end users. 

     

    Prerequisites

    • Role Based Security must be enabled prior to configuring MFA
    • Goliath end users must have ready an authenticator app on their device for code generation (ie Google Authenticator, Microsoft Authenticator, etc)

    Configuration

    1. Connect to the Goliath web console
    2. Navigate to the Settings page
    3. In the menu, select the option for Security and User Accounts
    4. At the bottom of the page, in the Global Security Settings section, check the box for Enable Multi-Factor Authentication (MFA)
    5. Click the Apply button to save

    Overview

    1. The first time a user authenticates into Goliath following the 2FA enablement, they will be prompted with a QR code. The end user will then scan this QR code into their authenticator app and then enter the one-time passcode generated into Goliath to confirm setup
    2. Once the authenticator app is configured for the user, with subsequent logons the user will be prompted to enter the one-time passcode in order to login to Goliath.
    3. Once MFA is enabled, if you were to then decide to disable it at any point, all user MFA information is erased from Goliath.
    4. Note - if the Goliath Servers windows clock is not set correctly MFA will not succeed (i.e. clock is behind or ahead)

    Reset User MFA

    In the case where a user gets a new device or loses access to their authenticator app, a Goliath Admin who has SQL sysadmin rights to the DB can run the following SQL queries to force a reset. Upon completion, the next time the user signs into Goliath they will be prompted to configure a new authenticator app.

    1. Run the query select userid, name from enduser against the Goliath database
      1. This will return the list of configured users and groups mirroring what is on the Settings>Security and User Accounts page.
    2. Find and note the userid that corresponds to the user you are looking to reset. This will be used in the next query.
      1. Note, if the user resides in a configured AD Group, find said group in the list and note the userid for the group.
    3. Next, run the query select gpmUserID, username from gpmuser where endUserId = # where # is replaced with the value from step 2.
      1. This will return the corresponding username information for a given user or a list of users if a group was used.
    4. Find and note the gpmUserID for the user who needs to be reset. This will be used in the next query.
    5. Lastly, execute delete from secondFactor where userid = #, where # is replaced with the value from step 4, to remove any configured MFA details for the user.
      1. The next time the user attempts to connect to Goliath they will be prompted to configure a new authenticator app.