Multi-User Authentication (MUA)
    • 04 Jun 2024
    • 2 Minutes to read
    • PDF

    Multi-User Authentication (MUA)

    • PDF

    Article summary

    Setting Up MUA for Account or Bucket Deletion

    With this feature, security contacts are responsible for ensuring the security of an organization's information systems and data. For example, if there is an attempt to delete a Root account and a security contact denies the deletion, this is the type of message the Root account user will receive:

    As a Root user, you can add up to three security contacts who will be required to sign off on account activities that you specify. There is no limit to the number of activities that these contacts can oversee.

    Multi-Factor Authentication (MFA) must be enabled before you can add a security contact.

    The Security Contacts feature is available for a Root user only.

    Adding a Security Contact

    1. Click Settings on the Wasabi menu. Or, open the account sign-in drop-down and click Settings.
    2. Open the Security Settings drop-down.
    3. Select Multi-User Authentication.

    4. Click Add Security Contact.

      If MFA is not enabled, a message will remind you to do so. Refer to Multi-Factor Authentication (MFA) Device.

    5. Enter the email of the security contact. Note that the domain must match your Root account domain.

    6. Open the Activities drop-down.

    7. Select the account activity that will require approval from the security contact. To do so, click the Activities box. Two options are available: Delete Account and Delete Bucket. Select the activity(ies) for this contact. If a user tries to delete the account or a bucket, the contact will receive an email and must approve or deny the deletion.

      If you select the Delete Bucket activity, this message will be displayed when a user attempts to delete the bucket:

      And, the user will be asked to confirm the deletion:

      In addition, the Delete action that is normally available for the bucket (in the Buckets list) will change from Delete to Awaiting Deletion Approval. For example:

      An email will be sent to both the security contact and Root user during the bucket deletion process.

    8. After selecting the activity(ies), click Continue.

    9. Enter an authentication code from your MFA device.

    10. Click Send. The contact is displayed with the activity you defined. For example:

      Wasabi Support will email an invitation to the contact, and the person can accept or decline your request. An example of this email is:

      The invitation email sent to a contact is valid for 24 hours.
    11. You can repeat this procedure, starting with Step 4, if you want to add up to three security contacts.
    When a security contact receives a request to delete an account or bucket, the contact has 15 minutes to respond. This request expires after 15 minutes.

    Resending an Invitation

    You may want to resend the invitation to a potential security contact if the person has not responded.

    1. Clickactions-ellipsisto open the Action menu to the right of the contact information.

    2. Select Resend.
    3. When asked to confirm, click Resend.

    Canceling an Invitation

    You can cancel an invitation before the potential security contact responds.

    1. Clickactions-ellipsisto open the Action menu to the right of the contact information.

    2. Select Cancel.
    3. When asked to confirm, enter the MFA authorization code.

    4. Click Cancel.

    Removing a Security Contact

    You can remove a person as a security contact after he/she has accepted the invitation.

    1. Clickactions-ellipsisto open the Action menu to the right of the contact information.

    2. Select Remove.
    3. When asked to confirm, enter the MFA authorization code.

    4. Click Remove.

    The security contact is required to accept the removal request.