Password Manager Pro stores sensitive administrative passwords of enterprise resources in encrypted form in the database. Access to the data was earlier restricted by a single level of authentication – local authentication of PMP or the authentication of third party identity stores like ActiveDirectory or LDAP. 

To introduce an extra level of security, PMP provides two factor authentication. Users will have to authenticate through two successive stages to access the PMP web-interface. While the first authentication will be through the usual native authentication or AD / LDAP, the second level of authentication could be done through various ways. 

ManageEngine has partnered with PhoneFactor, the leading global provider of phone-based two-factor authentication, to enable simple, effective two-factor security for Password Manager Pro.  ManageEngine is a PhoneFactor Alliance Partner and offers seamless integration with PhoneFactor’s authentication services. 

PhoneFactor works by placing a confirmation call to your phone during the login process. Upon completing your first authentication through usual means and when you go to the second authentication stage, you simply need to answer your phone and press # (or enter a PIN), which serves as the phone-based authentication. 

Following is the sequence of events involved in PhoneFactor Authentication in Password Manager Pro: 

  1. A user tries to access PMP web-interface

  2. PMP authenticates the user through Active Directory or LDAP or locally

  3. PMP prompts for the second factor credential through PhoneFactor

  4. PhoneFactor calls you. Answer the call and  press # (or enter a PIN)

  5. PMP grants the user access to the web-interface

Two factor authentication through PhoneFactor is a recommended best practice from PMP. For more details, please refer to the following section of our help documentation:
Bala