Common questions about two factor authentication FAQ - Bastionhost - Alibaba Cloud - Bastionhost

How do I configure DingTalk as a two-factor authentication method?
I did not receive text messages for two-factor authentication. Why?
Can I specify the same email address for multiple Bastionhost users?

How do I configure DingTalk as a two-factor authentication method?

Note If you are not a DingTalk administrator, contact your organization administrator to grant you administrative rights before proceeding.

Log on to the DingTalk Admin Panel as a DingTalk administrator.
On the Application Information page, create an H5 micro app and record its AppKey, AppSecret, and AgentId.
On the Permission Management page, grant the following permissions to the micro app: Contact.User.mobile, fieldMobile, and qyapi_get_member_by_mobile.
Configure DingTalk two-factor authentication on your bastion host. For details, see Enable two-factor authentication.

I did not receive text messages for two-factor authentication. Why?

Check whether Block Spam Messages or Block Unknown Numbers is enabled on your phone. If either is enabled, check the list of blocked messages for the verification code, or update your message blocking rules to allow messages from the sender.

If the phone settings are not the issue, contact your telecom service provider to confirm whether they are filtering the messages.

Note If you need immediate access, disable text message two-factor authentication and switch to another method while you investigate. For instructions, see Enable two-factor authentication. If the issue persists, join the DingTalk group numbered 33097550 to contact a technical expert.

Can I specify the same email address for multiple Bastionhost users?

Yes. Multiple Bastionhost users can share the same email address for two-factor authentication. If you want to specify the same email address for multiple Bastionhost users, do so only after you have confirmed that the operation does not pose threats.