Administrators of accounts that are on one of the platform plans can mandate two-step login verification (TSLV) for their users. This option can be found in the Settings -> Configuration -> Security & Authentication -> Two-step login verification section. Users will be required to configure TSLV upon their next login.
Admins can limit which users are required to use TSLV by selecting an option from the Require two-step login verification for dropdown. Available options include All Users, Admins & Power Users only, and Standard Users only. Once selected, save the changes.
Once selected and saved, all users of the specified type must use TSLV to log in. Users authenticating via Single Sign-On can be excluded, with no other exceptions allowed.
To require TSLV for specific users, the Admin can enable two-step login verification in the user's profile from the Users & Groups tab.
To find out whether an Admin or Power User has enabled TSLV, run a User Provisioning Report.
Resetting a User's TSLV Settings
If a user loses their phone used for TSLV or needs to change the phone number associated with it, the admin can reset their account’s TSLV by going to their user details screen and selecting the Reset option next to Two-Step Login Verification.
Even if the admin does not mandate TSLV, individual users in the Egnyte domain can still opt into the feature. If the admin no longer requires users to have TSLV, users who previously opted in on their own will still have TSLV enabled.
Switching from Authy to TOTP
To switch from Authy to TOTP (e.g. Google or Microsoft authenticator), Admins can Reset the TSLV for the individual user(s), and the user can then re-enroll using TOTP.
The TSLV reset can also be done in bulk for multiple users using the Import Users and Groups feature.
Enabling the "Remember Me" and "Trusted Networks" Capabilities
The security level associated with TSLV can be customized in the Security & Authentication settings. For example, login verification may not be required for every login from a work computer, but it would be necessary when logging in from a hotel business center computer. Egnyte provides a Remember this Device setting that allows users to defer the requirement to verify their login for a certain device for a specified period. Once the setting is enabled, the duration for which devices can be remembered can be configured.
Admins can also enter IP addresses or IP address ranges in the Trusted Networks field. Users logging into Egnyte from these IPs will not need to verify their login.
- Internal IP addresses are not supported with the Trusted Networks feature.
- Individual IP addresses or ranges of IP addresses (including those indicated with CIDR Notation) can be entered, ensuring each address or range is separated with a comma.
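Because addresses in the Trusted Networks field skip login verification, it is worth reviewing a proposed value before saving it. The following is an added example, not Egnyte code: a pre-check for a comma-separated list of addresses and CIDR ranges. The definition of "internal" (RFC 1918, loopback, link-local and IPv6 unique-local space), the 256-address size threshold, and the sample value are assumptions made for illustration.

```python
import ipaddress

# Assumption: "internal" means private, loopback and link-local address space.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Assumption: a local review threshold, not a product limit.
MAX_ADDRESSES = 256

# Constructed sample value (documentation address ranges plus deliberate mistakes).
SAMPLE = "203.0.113.10, 198.51.100.0/24, 192.168.1.0/24, 203.0.0.0/16, office-vpn,"


def check_trusted_networks(field):
    """Return (accepted, findings) for a comma-separated Trusted Networks value.

    accepted is a list of normalized networks; findings is a list of
    (entry, [reasons]) for entries that need attention before saving.
    """
    accepted, findings = [], []
    for raw in field.split(","):
        entry = raw.strip()
        if not entry:
            findings.append((entry, ["empty entry (stray comma)"]))
            continue
        try:
            # strict=False accepts host bits, e.g. 198.51.100.7/24
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, ["not an IP address or CIDR range"]))
            continue
        reasons = []
        if any(net.version == i.version and net.overlaps(i) for i in INTERNAL):
            reasons.append("overlaps internal address space")
        if net.num_addresses > MAX_ADDRESSES:
            reasons.append("covers more than %d addresses" % MAX_ADDRESSES)
        if reasons:
            findings.append((entry, reasons))
        else:
            accepted.append(str(net))
    return accepted, findings


if __name__ == "__main__":
    ok, problems = check_trusted_networks(SAMPLE)
    print("accepted:", ok)
    for entry, reasons in problems:
        print("review  : %r -> %s" % (entry, "; ".join(reasons)))
```
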