Obtaining a Secret Key for Two-Factor Authentication

Updated Wednesday, August 31, 2022

Applies to: Administrators, end users

The secret key is a unique 16-character alphanumeric code that is required during the setup of PIN-generating tools such as the Microsoft Authenticator app. The secret key is issued the first time that you log on to the Metallic Hub.

Important: Save the secret key so that you can access it later. The secret key is required the first time that you log on to the Metallic Hub after two-factor authentication (which is a form of multi-factor authentication) is enabled.
Adding a Metallic Account to the Microsoft Authenticator App
API keys are supplied by client users and applications calling REST APIs to track and control how the APIs are used (for example, to meter access and prevent abuse or malicious attack). The Authenticate API Key filter enables you to securely authenticate an API key with the API Gateway.

API keys include a key ID that identifies the client responsible for the API service request. This key ID is not a secret, and must be included in each request. API keys can also include a confidential secret key used for authentication, which should only be known to the client and to the API service. You can use the Authenticate API Key filter to specify where to find the API key ID and secret key in the request message, and to specify timestamp and expiry options.

An example use case for this filter would be a client accessing a REST API service to invoke specific methods (for example, startVM() or stopVM()). To invoke these methods, you are required to provide your API key ID and secret key to the API Gateway. You can keep the secret key private by sending the request over HTTPS.

Alternatively, you can use the secret key to generate an HMAC digital signature. This means that the secret key is not sent in the request, but is inferred instead, because the message must have been signed using the required secret key. When the API service receives the request, it uses the API key ID to look up the corresponding secret key, and uses it to validate the signature and confirm the request sender.

The API Gateway supports the following API key types:
For more details on authenticating Amazon Web Services API keys, see http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
Configure the following general settings:

Name: Enter a suitable name for this filter in your policy.

KPS Alias: Enter the alias name of the Key Property Store (KPS) used to store the API keys. For more details, see Key Property Store. Defaults to the example ClientRegistry supplied with the API Gateway. For details on storing API keys in the Oracle Client Application Registry, see the API Gateway OAuth User Guide.

Field Containing Secret: Enter the name of the field in the KPS that contains the secret. Defaults to secretKey.
Configure the following fields on the API Key tab:

Where to find API key: To specify where to find the API key in the request message, select one of the following options:
Where to find Secret key: To specify where to find the secret key in the request message, select the Extract Secret setting, and select one of the following options:
Authenticate API key and secret: Select whether to authenticate both the API key ID and the secret key. This means that the client must supply the API key ID and the secret key in the request message. This setting is selected by default.
Configure the following fields on the Advanced tab:

Validate Timestamp: Select whether to validate the API key timestamp using the settings specified below. This setting is unselected by default.

Timestamp is located in: To specify where the timestamp is located in the request message, select one of the following from the list:
The default option is Header. Enter the name in the text box. Defaults to Date.

Timestamp format is: To specify the timestamp format, select one of the following from the list:
The default option is Simple Date Format. Enter the format in the text box. Defaults to EEE, dd MMM yyyy HH:mm:ss zzz.

Timestamp Drift +/-: You can specify a drift time in milliseconds to allow differences in the clock times between the machine on which the API key was generated and the machine on which the API Gateway is running. Defaults to +-60000 milliseconds (one minute).

Validate Expires: Select whether to validate the API key expiry details using the settings specified below. This setting is unselected by default.

Expires is located in: To specify the location of the expiry details in the request message, select one of the following from the list:
The default option is Query String. Enter the name in the text box. Defaults to Expires.

Expires format is: To specify the format of the expiry details, select one of the following from the list:
The default option is Milliseconds since epoch. Enter the format in the text box.

Timestamp Drift +/-: You can specify a drift time in milliseconds to allow differences in the clock times between the machine on which the API key was generated and the machine on which the API Gateway is running. Defaults to 60000 milliseconds (one minute).
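The HMAC flow described earlier, combined with the Validate Timestamp and Validate Expires checks, as an added Python example that is not part of the original page or of the API Gateway product. The string-to-sign (method, path and Date header joined by newlines), the SHA-256 digest, the `KPS` dictionary, the key ID, the secret and the `/vm/...` paths are constructed assumptions.

```python
import base64, hashlib, hmac
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

DRIFT_MS = 60000  # the page's default drift: one minute either side
# Constructed stand-in for the Key Property Store: key ID -> secretKey field.
KPS = {"demo-key-id": b"constructed-demo-secret"}

def sign(secret, method, path, date_hdr):
    """Client side: HMAC-SHA256 over an assumed string-to-sign, base64-encoded."""
    msg = "\n".join((method, path, date_hdr)).encode()
    return base64.b64encode(hmac.new(secret, msg, hashlib.sha256).digest()).decode()

def authenticate(key_id, method, path, date_hdr, signature, now_ms, expires_ms=None):
    """Gateway side: returns (ok, reason). The secret itself is never sent."""
    secret = KPS.get(key_id)  # the key ID is public and only selects the secret
    if secret is None:
        return False, "unknown key id"
    try:
        sent = parsedate_to_datetime(date_hdr)  # e.g. Wed, 31 Aug 2022 10:00:00 GMT
    except (TypeError, ValueError):
        return False, "bad timestamp"
    if sent.tzinfo is None:  # a "-0000" zone parses as naive; treat it as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    if abs(now_ms - int(sent.timestamp() * 1000)) > DRIFT_MS:
        return False, "timestamp outside drift"
    if expires_ms is not None and now_ms > expires_ms + DRIFT_MS:
        return False, "expired"
    expected = sign(secret, method, path, date_hdr)
    # Constant-time comparison so the mismatch position does not leak via timing.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    return True, "ok"

def demo():
    now = datetime(2022, 8, 31, 10, 0, 0, tzinfo=timezone.utc)  # constructed clock
    now_ms = int(now.timestamp() * 1000)
    date_hdr = format_datetime(now, usegmt=True)
    sig = sign(KPS["demo-key-id"], "POST", "/vm/startVM", date_hdr)
    args = ("demo-key-id", "POST", "/vm/startVM", date_hdr, sig)
    return [
        authenticate(*args, now_ms),                      # valid request
        authenticate("demo-key-id", "POST", "/vm/stopVM", date_hdr, sig, now_ms),
        authenticate(*args, now_ms + 61000),              # replayed after the drift window
        authenticate(*args, now_ms, now_ms - 120000),     # Expires already passed
    ]
```

Because the Date header is part of the signed string, a captured request cannot be re-dated to fit the drift window without invalidating the signature.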