Toggling a tenant’s two-factor authentication status

Important

• When enabling two-factor authentication, all user accounts in the configured tenant will be required to set up two-factor authentication. This means users will be unable to log in until they set up two-factor authentication.

• For Unit tenants, the two-factor authentication setting is inherited from the parent tenant.

To toggle a tenant’s two-factor authentication status

1. Authenticate to the cloud platform via the Python shell.

   The following variables should be available now:

   >>> base_url  # the base URL of the API
   '<the data center URL>/api/2'
   >>> auth  # the 'Authorization' header value with the access token
   {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'}
   >>> tenant_id  # the UUID of the tenant to which the token provides access
   'ede9f834-70b3-476c-83d9-736f9f8c7dae'
   

2. Assign either of the following values to the tenant_id variable – the UUID of a sub-tenant created via the API or a sub-tenant found by its name:

   >>> tenant_id = created_tenant_id
   >>> tenant_id
   '0fcd4a69-8a40-4de8-b711-d9c83dc000f7'
   

3. Define a variable named mfa_status, and then assign an object with the enabled key containing desired status of two-factor authentication to this variable:

   >>> mfa_status = {
   ...     'enabled': True
   ... }
   

4. Convert the mfa_status object to a JSON text:

   >>> mfa_status = json.dumps(mfa_status, indent=4)
   >>> print(mfa_status)
   {
       "enabled": true
   }
   

5. Send a PUT request with the JSON text to the /tenants/{tenant_id}/mfa/status endpoint:

   >>> response = requests.put(
   ...     f'{base_url}/tenants/{tenant_id}/mfa/status',
   ...     headers={'Content-Type': 'application/json', **auth},
   ...     data=mfa_status,
   ... )
   

6. Check the status code of the response:

   >>> response.status_code
   200
   

   Status code 200 means that the platform has successfully changed the status of two-factor authentication for the tenant.

   Note

   A different status code means that an error has occurred. For details of the error, see HTTP status response codes and API error codes.

   Also, the response body contains the information about the status of the two-factor authentication, formatted as a JSON text. When converted to an object, it will look like this:

   >>> pprint.pprint(response.json())
   {
       "mfa_status": "enabled",
       "users_with_totp_enabled_count": 0,
       "users_count": 1,
       "update_allowed": true
   }