You can enable MFA, which enhances security by requiring users to verify their identity through two or more methods.
There are multiple options for MFA that Admins can configure depending on your organization’s security needs:
Allowed:
Users have the option to enable MFA, but it’s not mandatory. It is suitable for organizations offering optional security layers without enforcing strict requirements.
Required
Users are strongly encouraged to enable MFA. A banner will appear on the login page as a reminder.
It is ideal for organizations with internal or external requirements for two-factor authentication.
Note: Users can log in without MFA initially, but the banner persists until MFA is fully enabled.
If both Email and App MFA login options are enforced by Admin, users must activate both to remove the banner.
Enforced
MFA is mandatory for all users before they can log in.
Users must enable MFA during their first login. First, activate the App-based MFA. On subsequent logins, activate Email-based MFA.
Note: After changing a password, MFA settings cannot be disabled.
Disabled
MFA is turned off. No users are required to enable it.
Admin Controls, managing MFA for Users:
Admins can control MFA settings via Manage Users:
- Disabling MFA: If an admin disables MFA, users with existing codes can still use them, but new users will not be required to enable MFA.
- Account Lockout: After too many failed MFA attempts, a user will be locked out. The admin must reset the user's password to unlock the account.