Update Sources w/ MFA

Christopher17 · ‎07-09-2020

Under the guide for setting up update sources to retrieve update sets from another instance, I have run into a simple problem. This does not work with MFA turned on for admin role accounts.

Turning off MFA would be in violation of our cybersecurity rules. Could there be another role to retrieve update sets? All it needs is read-only access from the source instance to retrieve the update set. I find the need for full admin role to be a bit heavy handed in this function.

Please advise.

Christopher17 · ‎08-05-2020

Okay this is totally cool. When you setup the account, enter the password when prompted as normal. But then enter your one time password to the end of the password. No spaces or anything, just add the OTP to the end of your password. Then authenticate and you are all set. Once authenticated, you don;t have to enter the OTP again for sharing update sets.

View solution in original post

Patrick DeCarl1 · ‎07-09-2020

Based on doc site, it needs local admin rights "Enter the user on the remote instance who authorizes transferring update sets to this the instance. This user account must have the admin user role on the remote instance."

Have you tried giving user admin role with snc_read_only role?

Tim Grindlay · ‎07-21-2020

I've just run into this too, any update?

Christopher17 · ‎08-05-2020

Okay this is totally cool. When you setup the account, enter the password when prompted as normal. But then enter your one time password to the end of the password. No spaces or anything, just add the OTP to the end of your password. Then authenticate and you are all set. Once authenticated, you don;t have to enter the OTP again for sharing update sets.

Tim Grindlay · ‎08-05-2020

Nice. I wish this was a bit more obvious though. I worked around it by creating internal integration service account with the teamdev_user role and snc_read_only, with MFA disabled.