Configuring 2 Step Authentication
Situation | You want to help protect your organizations from unauthorized access by requiring users to enter an additional code when logging in. |
---|---|
Solution |
See below for information on:
|
What Is 2 Step Authentication?
2 step authentication can be used to help protect your organization from unauthorized access by requiring two methods (authentication factors) to verify users' identity when logging into Proofpoint Essentials. 2 step authentication helps protect against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.
What Happens When You Turn On 2 Step Authentication?
Authentication Method: SMS
Once 2 step authentication has been enabled for your organization, whenever a user attempts to login, they will be prompted to enter both their password and a passcode sent to their mobile number.
When a user has successfully logged in, they will not be prompted to enter another passcode for 12 hours, however, if a user clears their browser cookies, they will be prompted to enter a new passcode upon their next login.
Important: To ensure users can receive a passcode via the SMS authentication method, all in scope users must have a valid mobile number assigned to their account. In the absence of a valid mobile number, users will be unable to login if two step authentication is enabled.
How Do I Enable 2 Step Authentication?
Enable Two Step Authentication
- Navigate to Administration > Account Management > Authentication
- Click Manage 2 Step Authentication
- Click the toggle to enable 2 Step Authentication
- Choose the users that you want to include in 2 step authentication scope:
All users - All users within the organization will need to enter a passcode upon logging in.
Admin Only - Only Admin users within the organization will need to enter a passcode upon logging in.
- Click Save
- Click Confirm on the Update summary.
How Do I Disable 2 Step Authentication?
Disable Two Step Authentication
- Navigate to Administration > Account Management > Authentication
- Click Manage 2 Step Authentication
- Click the toggle to disable 2 Step Authentication
- Click Save
- Click Confirm on the Update summary.
FAQ
How will I know if two step authentication is enabled or disabled? Navigate to Administration > Account Management > Authentication and check the status of the setting in the 2 step authentication section - Enabled (Green) or Disabled (Grey)
Will I receive any notifications if two step authentication settings have changed?
Yes, upon changing the status or scope of 2 step authentication, an email will be sent to the organization tech contact informing them of the change.
How can I update a user's phone numbers to use the SMS authentication factor?
Locate the user then navigate to Profile Page > Mobile Number.
Will a user's mobile numbers sync over Active Directory or Azure Directory sync?
Yes, we sync both Active Directory and Azure Directory mobile number fields.
Will CSV Import support the ability to add a mobile number?
Yes, we've extended CSV Import to include a new mobile number field.
Do all my users need a valid phone number to login if 2 step authentication is enabled?
Yes, please ensure all in-scope user accounts (including your own) have a valid mobile number. Users without a valid mobile number will not receive a one-time passcode and will be unable to log in.
If I have an account on multiple sites, will I be prompted to enter a passcode for each account?
To ensure a greater security posture across all sites, if you have multiple accounts, you will be required to enter a passcode when logging in, per account, per site. Upon a successful login, you will not be prompted to enter another passcode for 12 hours.
Can I reset my password when 2 step authentication is turned on?
Yes, users can use the existing reset password functionality to reset their password over email. If 2 step authentication is enabled with SMS as the authentication method, users will not have the option to reset their password via SMS.
Carlos Rios
Comments