Update Sources w/ MFA

Christopher17 · ‎07-09-2020

Under the guide for setting up update sources to retrieve update sets from another instance, I have run into a simple problem. This does not work with MFA turned on for admin role accounts.

Turning off MFA would be in violation of our cybersecurity rules. Could there be another role to retrieve update sets? All it needs is read-only access from the source instance to retrieve the update set. I find the need for full admin role to be a bit heavy handed in this function.

Please advise.

Christopher17 · ‎08-05-2020

Okay this is totally cool. When you setup the account, enter the password when prompted as normal. But then enter your one time password to the end of the password. No spaces or anything, just add the OTP to the end of your password. Then authenticate and you are all set. Once authenticated, you don;t have to enter the OTP again for sharing update sets.

View solution in original post

Jari Leppanen · ‎07-07-2021

> Once authenticated, you don;t have to enter the OTP again for sharing update sets.

This does not seem to be the case for me. It works once, but then on the next time I have to add the OTP there again.

s_b1 · ‎08-18-2021

Try creating a user with the teamdev_user role to fetch the update sets on update sources.

Should work fine.

Saurav · ‎10-20-2023

@s_b1

Hi , Can you explain a bit more on this , would help if you could point to a KB / doc record.

Tim Grindlay · ‎11-05-2023

In the update source for the source instance (eg PROD), you can specify a Username and password to fetch the update sets. Instead of using your admin account credentials, setup a dedicated service account on the source instance (eg TEST). Give the new service account the teamdev_user role and optionally the snc_read_only role and disable MFA by setting the 'Enable Multifactor Authentication' field to false.