Two-factor authentication
Two-factor authentication (2FA) is a verification process that requires users to confirm their identity at sign-in by providing a temporary pass code in addition to their password. If you attempt to switch to an account that requires 2FA, you must first complete the procedure in Setting up 2FA before you can sign in.
How it works
2FA is an optional but highly recommended security feature of the Boomi Enterprise Platform. Enabling 2FA makes an account much less susceptible to credential theft and password guessing, because a stolen or guessed password alone is no longer enough to sign in.
Typically, users need only provide their user name and password to sign in to the Boomi Enterprise Platform. 2FA takes this process a step further by additionally requiring users to enter a temporary six-digit authentication code generated on a device of their choosing, such as a desktop computer or smartphone. To generate this code, users install an authenticator application, commonly referred to as a Time-based One-Time Password (TOTP) application, on that device. The code is computed locally from a secret shared with the application during setup and the current time; Boomi does not send it over the network, so it works even when the device is offline.
Boomi recommends the Google Authenticator application for Android and iOS mobile devices. For accounts with high-security requirements, Boomi recommends using the Okta Verify application.
Setting up 2FA
Before you begin, install one of the TOTP authenticator applications mentioned above on a device of your choice, such as a desktop or mobile device. Refer to your application's help guide for specific instructions.
1. Select Settings > My User Settings and click the Authentication tab.
2. Toggle on Two-factor Authentication. The 2FA wizard opens.
3. Using the TOTP authenticator application, do one of the following:
   - Scan the QR code provided by the 2FA wizard.
   - Manually enter a setup code into your authenticator application. To display this code, click the setup code link on the 2FA wizard.
   This registers your Boomi account, and the secret the application uses to generate its codes, in the authenticator application.
4. On the 2FA wizard, click Next.
5. On the Verify Authentication Setup page of the 2FA wizard, enter the six-digit code currently shown by your authenticator application.
6. Click Next.
7. Click the Download link to download and save a set of 10 backup codes to a secure location.
   Note: Download your new set of backup codes immediately to avoid getting locked out of your account. Boomi recommends that you treat your backup codes with the same level of security as you would a password.
8. When you are done, click Finish to exit the wizard.
You have successfully configured 2FA on your account! After the initial setup of 2FA on an account, you can access the Settings > Account > Authentication page to reconfigure 2FA and regenerate backup codes. If you decide to disable 2FA on an account, reenabling requires you to complete these steps again.
Resetting 2FA
You might need to reset 2FA if you've been locked out of your account or need to change devices to generate the authentication code. Currently, you must contact Boomi Support to help reset 2FA for your account. You can access Boomi Support through the Resources menu in Platform.
Changing 2FA devices
Using the 2FA Reconfiguration feature, you can quickly enable a new device to generate authentication codes from your Time-based One Time Password (TOTP) application to log in with 2FA. This action prevents you from needing to disable and re-enable 2FA on your user ID, and ensures that your user continuously requires 2FA to log in.
1. Select Settings > My User Settings and click the Authentication tab.
2. In the Two-factor Authentication toggle box, click the Reconfigure link. The 2FA wizard opens.
3. Follow the procedure in Setting up 2FA, starting from step 3.
2FA for administrators
Administrators can enable 2FA on accounts they manage. If an administrator implements account-level 2FA, users are required to configure 2FA on their user ID in order to sign in to, or switch to, such accounts. Users cannot access these accounts until they configure 2FA. After setting up 2FA on their user ID, users sign in to the Boomi Enterprise Platform with an authentication code and can proceed into the account as normal.
Backup codes
Backup codes apply only to users who sign in with Boomi Platform credentials; sign-ins through SAML SSO do not enforce 2FA (see 2FA with Single Sign-On).
Technology is not always reliable. When a 2FA user cannot access their TOTP authenticator application (for example, when a phone is broken or lost), Boomi provides backup codes as an alternative way to fulfill the 2FA requirement and enter the Boomi Enterprise Platform. Backup codes are generated during 2FA setup and act as supplementary, one-time-use codes for emergency situations.
Unlike codes from a TOTP authenticator application, backup codes are generated in sets of 10 from the interface and should be downloaded immediately to a secure location, such as a password manager. Each code can be used only once, so it is highly recommended that you track which codes you have already used. Boomi recommends that you treat your backup codes with the same level of security as you would a password.
If you can access neither the authenticator application nor your backup codes, contact your Boomi account administrator. After verifying your identity, the administrator contacts Boomi Support on your behalf. Allow Support up to two business days to restore access to your account.
Regenerating backup codes for 2FA
After the initial 2FA setup, users can regenerate backup codes by navigating to Settings > My User Settings > Authentication > Regenerate Backup Codes. Generating new codes will invalidate the previous set you have generated.
2FA with Single Sign-On
When users sign in to the Boomi Enterprise Platform using single sign-on (SSO), 2FA is not enforced. Only administrators with both SSO and 2FA enabled can manually sign in with their Platform credentials, in which case they enter an authentication code provided by their TOTP authenticator application.
Authenticating API calls with 2FA
When 2FA is enabled on an account, Boomi provides two ways to authenticate your API calls: API tokens, or an authentication code generated by your TOTP application.
API tokens are generally used when you regularly make calls to an API from your 2FA account. API tokens allow you to automate your calls using a single token that is generated directly from the Boomi Enterprise Platform. You can add API tokens from the Settings menu > My User Settings > Platform API Tokens page. For more information about API tokens, refer to the topic Platform API Tokens settings. For more information about how to authenticate API calls using an API token, refer to the Platform API and Partner API authentication topic.
Without an API token, you must supply a current TOTP authentication code with each API call. Because authentication codes expire every 60 seconds, this requires you to frequently enter new codes to make new or additional calls, so the method is suited to infrequent or ad-hoc calls rather than automation. In this case, add X-Boomi-OTP as an HTTP header in your API tool of choice, with a TOTP authentication code as its value. Treat that header value as you would a password: it is a valid credential until the code expires, so do not log or share it. For more information about how to authenticate API calls, refer to the Platform API and Partner API authentication topic.
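The following is an added example, not Boomi's own code or a documented client, that ties together the two technical points on this page: how a TOTP application derives the six-digit code described under How it works (RFC 4226/6238, computed locally from the shared secret and the clock), and how that code is attached to an API call as the X-Boomi-OTP header. It assumes, because the page does not say, that the wizard's setup code is a base32-encoded secret as with most TOTP enrolments, that the API accepts HTTP Basic credentials alongside the header, and that the SHA-1/6-digit/30-second parameters of the RFC defaults are in use. The secret used in the demonstration is the RFC 6238 test key, not a real enrolment.

```python
"""Added example (not Boomi's code): derive a TOTP code locally and attach it
to an API request as the X-Boomi-OTP header.

Assumptions, labelled because the page does not state them:
- the wizard's setup code is a base32-encoded secret (RFC 6238, SHA-1, 6 digits);
- the API accepts HTTP Basic credentials (Platform username and password)
  together with the X-Boomi-OTP header;
- the 30-second step is the authenticator's enrolled period (the RFC default).
"""
import base64
import hashlib
import hmac
import time
from typing import Optional


def decode_setup_code(setup_code: str) -> bytes:
    """Turn the wizard's setup code into raw key bytes.

    Authenticator apps accept the code with spaces and in either case, so
    normalise it first and restore any padding that base32 requires.
    """
    cleaned = setup_code.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password, the primitive under TOTP."""
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    truncated = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[float] = None,
         step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based code: HOTP over the current time step.

    `step` must match the period the authenticator was enrolled with;
    a mismatch yields codes the server will reject.
    """
    now = time.time() if at is None else at
    return hotp(secret, int(now // step), digits)


def seconds_remaining(at: Optional[float] = None, step: int = 30) -> int:
    """Seconds until the current code rolls over."""
    now = time.time() if at is None else at
    return step - int(now) % step


def fresh_otp(secret: bytes, step: int = 30, min_remaining: int = 5) -> str:
    """Return a code with at least `min_remaining` seconds of validity left,
    waiting for the next step if the current code is about to expire, so a
    request does not fail because the code rolled over while in flight."""
    remaining = seconds_remaining(step=step)
    if remaining < min_remaining:
        time.sleep(remaining)
    return totp(secret, step=step)


def build_otp_headers(username: str, password: str, otp: str) -> dict:
    """Headers for one API call: Basic credentials plus the one-time code.

    The OTP is a live credential for the next few seconds; never log it.
    """
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {
        "Authorization": f"Basic {basic}",
        "X-Boomi-OTP": otp,
        "Accept": "application/json",
    }


if __name__ == "__main__":
    # Constructed secret: the RFC 6238 test key, base32-encoded; not a real enrolment.
    secret = decode_setup_code("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")
    code = fresh_otp(secret)
    headers = build_otp_headers("user@example.com", "password", code)
    print("current code:", code, "valid for", seconds_remaining(), "more seconds")
    # Redact the secret-bearing headers before printing anything.
    print({k: ("<redacted>" if k in ("Authorization", "X-Boomi-OTP") else v)
           for k, v in headers.items()})
```

The same `totp` function reproduces what the authenticator app shows, which is a useful check when enrolment seems to have failed: if the locally computed code differs from the app, the device clock or the enrolled step is wrong, not the secret. For regular automation the page's advice stands: use a Platform API token rather than scripting around code expiry.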