There’s such a thing as perfect timing, like having a phone upgrade available right at the launch of a shiny new smartphone. There’s also such a thing as bad timing, like realizing, in the middle of a SEV 1 incident, that the Google Authenticator 2-FA token for Dyn was on the old device.
The last thing anyone would want to do during an incident is seek out the Full Administrator on the account, who is likely to be a VP of Engineering or CTO, to see if they can log in to reset the 2-FA token. Of course, a simple solution would be to never upgrade to a new device ever again, or just make sure that there are multiple users available to reset 2-FA.
Thanks to Dyn’s Identity and Access Management Team, there is now a way to do just this, known as Portal Group Permissions. This allows admin-like access to be granted to any user(s) on the account. This means that when a network engineer gets the latest version of their favorite smartphone, a fellow network engineer can reset their 2-FA token, allowing the user to log in without going up the entire chain of command, saving time for all.
While the Full Administrator does need to configure these permissions, this only needs to be done one time, hopefully not in the middle of any incidents. There’s also an added bonus: if the Full Administrator ever gets locked out, the additional DynID Admin(s) will be able to reset the 2-FA token for the Full Administrator.
To get started, first log in to portal.dynect.net as the Full Administrator, then select Manage Account.
From here, choose Company, then App Users.
Select the user you’d like to give access to, then select “edit” next to groups on the right-hand side. Then add DynID Admin to the group and save!
Upon the next login, the user will have access to reset 2-FA for all users, aside from themselves. The user can follow the guide here on how to reset when needed: https://help.dyn.com/managing-2fa-for-users/.