Skip to main content
Feedback

Two-factor authentication

Two-factor authentication (2FA) is a verification process that requires users to confirm their identities at sign in by providing a time-based one-time password (TOTP). If you attempt to switch to an account that requires 2FA, you will have to follow the procedure in #Setting up 2FA to sign in.

The Boomi Enterprise Platform will soon require 2FA for all new accounts. Follow the procedure in Setting Up 2FA to enable 2FA.

How it works

2FA is an highly recommended security feature for the Boomi Enterprise Platform. Enabling 2FA makes an account much less susceptible to security threats by placing higher requirements at the user sign in stage.

Typically, users need only to provide their user name and password credentials to sign in to the Boomi Enterprise Platform. 2FA takes this process a step further by additionally requiring users to enter a temporary six-digit authentication code sent either directly to their account email or to an authenticator application an a device of their choice, such as a desktop computer or smart phone.

Boomi recommends the Google Authenticator application for Android and iOS mobile devices. For accounts with high-security requirements, Boomi recommends using the Okta Verify application. Before you begin, download an authenticators application to a device you can access easily and consistently. Refer to the authentication application's help guide for specific user instructions.

Setting up 2FA

Administrators can enable 2FA on accounts they manage. If an administrator implements account-level 2FA, users are required to setup 2FA on their user ID in order to sign in to or switch such accounts; users cannot access these accounts until they configure 2FA.

Users who have had administrators enable 2FA on their accounts can set up 2FA by following the below instructions from Step 3.

  1. Select Settings > and click the Authentication under the My User Settings section.

  2. Toggle on Two-factor Authentication.

  3. Choose an authentication method: Email Verification or Authenticator App.

    • Email verification:

      • Select Continue to send an authentication code to email associated with your account.
      • Click Enter Code. You will receive an email from Okta with a six digit TOTP.
      • Enter the six digit code from your email, then select Use this method.
    • Authenticator App:

      • Open an authenticator application of your choice and add a new account.
      • Scan the QR code or enter the Setup Key to complete account setup.
      • Select Continue. Enter the six digit code from your authenticator application app, then select Use this method.
  4. The chosen authentication method shows as active in the Two-factor Authentication toggle box.

Changing 2FA methods

You can change 2FA authentication methods without turning 2FA off. To switch authentication methods, select Change Method from the Two-factor Authentication toggle box and follow the instructions in Setting Up 2FA from Step 3.

Resetting 2FA

You might need to reset 2FA if you've been locked out of your account. Currently, you must contact Boomi Support to reset 2FA for your account. You can access Boomi Support through the Resources menu in Platform.

Changing 2FA devices

You may need to change the device you use for 2FA. Follow the instructions below to set up Authenticator App 2FA on a new device.

  1. Select Change Method from the Two-factor Authentication toggle box and follow the instructions in Setting Up 2FA to enroll in Email Verification.
  2. Once enrolled, select Change Method.
  3. Follow the steps in Setting Up 2FA to set up Authenticator App 2FA on your new device.

Backup codes

info

Backup codes are generally only available for legacy FedRAMP users and their sub-accounts.

Technology is not always reliable. At times when a 2FA user cannot access their Time-based one-time password (TOTP) authenticator application (for example when a phone is broken or lost), Boomi provides backup codes as an alternative way for users to fulfill 2FA requirements and enter the Boomi Enterprise Platform.

Unlike codes from a TOTP authentication application, backup codes are generated in sets of 10 from the interface and should be downloaded immediately to a secure location, like a password manager. Note that each code can only be used once; it is highly recommended that you track which codes you've already used. Boomi recommends that you treat your backup codes with the same level of security as you would a password.

If you can neither access the authenticator application nor backup codes to sign in, contact your Boomi account administrator. After verifying your identity, administration users then contact Boomi Support on your behalf. Allow Support up to two business days to resolve access to your account.

For use in emergency situations, backup codes are generated during 2FA setup and act as supplementary, one-time-use codes.

Regenerating backup codes for 2FA

After the initial 2FA setup, users can regenerate backup codes by navigating to Settings > My User Settings > Authentication > Regenerate Backup Codes. Generating new codes will invalidate the previous set you have generated.

2FA with Single-Sign On

2FA is not enforced when users sign in to the Boomi Enterprise Platform using single-sign on (SSO). Only administrators with both SSO and 2FA enabled can manually sign in with their Platform credentials, in which case they will enter an authentication code provided by their TOTP authenticator application.

Authenticating API calls with 2FA

When accounts are enabled with 2FA, Boomi provides two ways for you to authenticate your API calls: API tokens or using an authentication code generated from your TOTP application.

API tokens are generally used when you regularly make calls to an API from your 2FA account. API tokens allow you to automate your calls using a single token that is generated straight from the Boomi Enterprise Platform. You can add API tokens from the Settings menu > My User Settings > Platform API Tokens page. For more information about API tokens, refer to the topic Platform API Tokens settings. For more information about how to authenticate API calls using an API token, refer to the Platform API and Partner API authentication topic.

Without an API token, you are required to enter a new TOTP authentication code in your API call tool. However, authentication codes expire every 60 seconds and therefore require you to frequently reenter new codes to make new or additional calls. This method is ideal for when you make infrequent calls or in ad-hoc scenarios. In this case, enter X-Boomi-OTP as an HTTP header in your API call tool of choice, and enter a TOTP authentication code as its value. For more information about how to authenticate API calls, refer to the Platform API and Partner API authentication topic.

On this Page