Using Two-Step Login Verification

Overview


You can make your Egnyte account even more secure by using Two-Step Login Verification provided with our Advanced Security Package. Two-Step Login Verification (TSLV) requires a third piece of information (in addition to your username and password) in order to log in.

Note: This setting will not be available unless the Advanced Security Package has been purchased for the domain.

Egnyte has partnered with Duo Security, a leader in two-factor authentication, to secure your account with TSLV. If you have a smartphone, the Duo Mobile app’s “Duo Push” feature is a convenient way to grant access to your Egnyte account right from your smartphone.

Egnyte has provided 4 different options to verify your login to make it easy to choose the most convenient method for you. We'll walk you through each option after providing instructions to enable TSLV on your profile. The last section will address administration features available to Egnyte domain Admins.

Enable Two-Step Login Verification 

Passcode through Duo Mobile App

Passcode through Text Message

Passcode through Phone Call

Passcode through Duo Push

Admin Features 

Enable Two-Step Login Verification

  1. If your account administrator has not made TSLV mandatory, you can opt into the feature by clicking on your profile picture and then your name. From the My Profile tab, click My Preferences. In the Security section, select the toggle next to Two-step login verification and click Save at the bottom of the screen.


  2. You will be automatically logged out of your account. Re-enter your username and password and you will see this screen. Choose Start setup.

    UI_start_set_up_2_factor.png

  3. You will be asked to specify a device type on which you will receive your TSLV "challenge". We recommend that you receive your challenge on your mobile phone.

    UI_choose_device_2_factor.png

  4. Enter your phone number and check the box to verify it is the correct number. Click Continue once it's been verified.

    UI_enter_number_2_factor.png

  5. Select your phone's operating system and click Continue.

    UI_OS_2_factor.png

  6. Based on the OS you selected in the preceding step, you'll receive instructions about how to get the Duo Mobile app (it's free). Once you have installed the app, select the I have Duo Mobile installed option to proceed.

    UI_duo_app.png

  7. The next step requires you to use the Duo-Mobile app to scan a QR code that displays on your computer screen. You can also use the link to have an activation link emailed to you.

    UI_due_activate.png

  8. Once you've scanned the QR code or used the activation link, you'll be asked to choose a default method for receiving the "challenge" from the When I log in drop-down.

    Note: If you have multiple devices you'd like to be able to use, click the Add another device link to add it here.

    UI_duo_settings.png

 

Passcode through Duo Mobile App

  1. Click the Enter a Passcode option.

    UI_enter_passcode.png

  2. Open the Duo Mobile App and expand the Egnyte option so you see a 6 digit code.

    UI_Duo_app_code.png

  3. Enter the code in the box on the browser and click Log In.

    UI_manual_enter_code.png

    Note: If you receive an error message stating Incorrect passcode, go back to the app and click the Refresh icon to generate a new passcode and try again.

  4. If you have entered the passcode correctly, you will be granted access to your Egnyte account.

 

Passcode through Text Message

  1. Click the Enter a Passcode option. 

    UI_enter_passcode.png

  2. Click the Text me new codes option to receive a text instead.

    UI_text_me_new_codes.png

  3. The text message will contain a 6 digit code. You'll need to enter the code in the box on the browser and click Log In.

  4. If you have entered the passcode correctly, you will be granted access to your Egnyte account.

Passcode through Phone Call

  1. Select Call Me and click Log In.

    UI_call_me.png

  2. You will receive an automated phone call that will prompt you to press any key on your phone to proceed. Once you’ve done this, you’ll be automatically logged in.

 

Passcode through Duo Push

  1. Click Send Me a Push.

    UI_send_me_a_push.png

  2. When you receive the push notification, tap on it to open the Login Request page. Tap Approve to verify the login request and automatically be logged into the account. 

    UI_Duo_app_approve.png


Admin Features

Administrators of accounts which have purchased the Advanced Security Package can mandate the use of two-step login verification for their users. This option can be found in Configuration settings under Security & Authentication in the Two-step login verification section. Your users will be required to configure TSLV upon their next login.


It’s possible to limit which users are required to use TSLV. You can require this feature for All Users, Admins & Power Users only, or Standard Users only.  If you apply this feature to a class of users, every user of that type will need to use TSLV.

Note: You cannot grant exceptions.

If you only want to require specific users to use TSLV, you can enable two-step login verification from the Users & Groups tab by editing the user profile.


Resetting a User's TSLV Settings

If a user loses the phone used for TSLV or needs to change the phone number associated with it, you can reset their account’s TSLV by going to their user details screen and selecting the "Reset" option next to Two-Step Login Verification.

UI_reset_tslv.png 

Even if you do not mandate TSLV, individual users in your Egnyte domain will still be able to opt in to the feature. If you no longer require users to have TSLV, users who previously opted in on their own will still have TSLV enabled.

Enabling the "Remember Me" and "Trusted Networks" Capabilities


If you would like to customize the level of security associated with TSLV, you can do so from the Security & Authentication settings. For example, you might not want to require login verification every time you log into Egnyte from your work computer, but would want to require this when logging on from a computer in a hotel business center. We’ve also provided a Remember this Device setting that allows users to defer the requirement to verify their login for a certain device for a specified time period. Once you’ve turned the setting on then you can set the duration of time for which devices can be remembered.

UI_remember_device_2_step.png 

We’ve also made it possible for account admins to enter IP addresses or IP address ranges in the Trusted Networks field. Users logging into Egnyte from these IPs will not need to verify their login.

Note: You can enter individual IP addresses or ranges of IP addresses (including those indicated with CIDR Notation), but be sure to separate each address or range with a comma.

Egnyte Community

Egnyte Community

Want to connect with other Egnyte users and our Egnyte team? Share ideas and ask questions in our Community .