Welcome to
Help Desk

Product Updates
Training
Support
Ideas Contact Support

Two Step Login Verification - Admin guide

Administrators of accounts that are on one of the platform plans can mandate two-step login verification for their users. This option can be found in Settings -> Configuration -> Security & Authentication ->Two-step login verification section. Users will be required to configure TSLV upon their next login.

webui_redesign_admin_settings_configuration_enable_tfa.png
Admins can restrict users required to use TSLV by selecting an option from the Require two-step login verification for dropdown. Available options include All Users, Admins & Power Users only, and Standard Users only. Once selected, save the changes.

TSLV - select class of users to enforce TFA.png

Once selected and saved, all users of the specified type must use TSLV to log in. Users authenticating via Single Sign-On can be excluded, with no other exceptions allowed.

TSLV - exclude SSO users.png

To require TSLV for specific users, the Admin can enable two-step login verification in the user's profile from the Users & Groups tab.

To know if an Admin or the Power User has enabled TSLV, run a User Provisioning Report.

TSLV -  user provisioning report.png

 

Resetting a User's TSLV Settings

If a user loses their phone used for TSLV or needs to change the phone number associated with it, the admin can reset their account’s TSLV by going to their user details screen and selecting the Reset option next to Two-Step Login Verification.

TSLV - reset TSLV.png

Even if the admin does not mandate TSLV, individual users in the Egnyte domain can still opt into the feature. If the admin no longer requires users to have TSLV, users who previously opted in on their own will still have TSLV enabled.

Switching from Authy to TOTP

In order to switch from Authy to TOTP (e.g. Google or Microsoft authenticator), Admins can Reset the TSLV for the individual user(s) and the user can then re-enroll using TOTP. 

The TSLV reset also be done in bulk for multiple users using Import Users and Groups feature. 

Enabling the "Remember Me" and "Trusted Networks" Capabilities

The security level associated with TSLV can be customized in the Security & Authentication settings. For example, login verification may not be required for every login from a work computer, but it would be necessary when logging in from a hotel business center computer. Egnyte provides a Remember this Device setting that allows users to defer the requirement to verify their login for a certain device for a specified period. Once the setting is enabled, the duration for which devices can be remembered can be configured.

TSLV - remember me.png

Admins can also enter IP addresses or IP address ranges in the Trusted Networks field. Users logging into Egnyte from these IPs will not need to verify their login.

TSLV - Admin guide - Trusted networks .png

- Internal IP address(es) are not supported with the Trusted networks feature.
- Individual IP addresses or ranges of IP addresses (including those indicated with CIDR Notation) can be entered, ensuring each address or range is separated with a comma.

 

Additional Resources

Two-Step Login Verification - User Guide

Two-Step Login Verification - FAQs

Was this article helpful?
0 out of 0 found this helpful

For technical assistance, please contact us.