To configure Advanced Authentication in the GroupWise Administration Console:
In the GroupWise Admin Console, navigate to System > Advanced Authentication.
On the General tab, enter in a Name and Description, and then put in DNS Name from the Worksheet in the Address field. Leave the Tenant name as TOP or MFA won’t work.
On the Endpoint tab, enter the following information from the worksheet: Endpoint Name in the Name field, Event Name in the Event name field, Endpoint ID in the Endpoint ID field, Endpoint Secret in the Endpoint secret field. The Grace period is used to specify how long users have before the MFA request times out.
On the OAuth2 tab, enter the following information from the worksheet: OAuth2 Name in the Name field, OAuth2 Client ID in the Client ID field, OAuth2 Client Secret in the Client Secret field.
Copy everything in the Redirect URLs field and go back to your OAuth2 event in the Advanced Authentication Administration Console. Edit the OAuth2 event and put everything you copied in the Redirect URI field.
IMPORTANT:If you are using GW Web, add your GW Web server URLs to the Redirect URIs list using the format https://gwweburl. Do not add a / after the URL or MFA won’t work for GW Web. You need to add each URL that can be used to access GW Web (private, public, IP address, etc).
You can now enable or require MFA on a Domain, Post Office, or User in Client Options > Security > Advanced Authentication. Enabling MFA makes it so users can enroll in MFA and use it if they like, but use is not mandatory after configuration. Requiring MFA makes it so users cannot login without using MFA. The best way to use these setting is to Enable MFA and give your users time to enroll and then set it to Required.
Continue with Registering Users for Multi-Factor Authentication.