UseCase7_MFA_GoogleAuthenticator - sandersdHES/PAMEmergingTech GitHub Wiki

6.7 Enabling MFA with Google Authenticator in PAM360 accounts

Objective

This use case demonstrates how to configure Multi-Factor Authentication (MFA) in PAM360 using Google Authenticator. The goal is to enhance login security by requiring a time-based One-Time Password (OTP) in addition to a user’s credentials.

Context

With increasing risks of credential theft and brute-force attacks, relying solely on usernames and passwords is no longer sufficient. Two-Factor Authentication (2FA) strengthens your PAM360 instance by adding a dynamic authentication layer. In this guide, we’ll use Google Authenticator as the 2FA method.

Prerequisites

  • You must have admin access to PAM360.
  • PAM360 must already be installed and running on your Azure VM.

Step 1: Log in to PAM360 as Administrator

Access your PAM360 web portal, e.g.:

https://<your-pam360-server>:8282

Step 2: Choose Google Authenticator as Your 2FA Method

  • Go to Admin > Authentication > Two-Factor Authentication
  • Click “Enable Two-Factor Authentication”
  • From the available options, select Google Authenticator
  • Click Save to confirm the configuration


Step 3: Assign MFA to Specific Users

  • Under the same menu, go to “Configure Users”.
  • Select the users who should use MFA.
  • Click “Enroll” for each user.


Step 4: First-Time Login for Users

The next time a user logs in:

  • PAM360 will show a QR code.

  • The user must scan it using the Google Authenticator app on their phone.

  • They’ll enter the 6-digit OTP to complete login.


Step 5: (Optional) Enforce MFA for All Users

To make MFA mandatory across the platform:

  • Go to Admin > Authentication > Two-Factor Authentication
  • Enable the toggle: “Enforce for all users”

This ensures every user must authenticate with an OTP.

Conclusion

With MFA enabled via Google Authenticator:

  • Every login now requires a valid OTP in addition to the password
  • This adds a robust layer of protection against stolen or leaked credentials
  • PAM360 becomes more resilient to unauthorized access attempts

This simple but powerful step significantly strengthens your security posture.
