Egnyte recommends enhancing account security with Two-Step Login Verification (TSLV, also referred to as MFA or TFA). TSLV adds an extra layer of protection by requesting an additional piece of information, alongside the username and password, each time the user logs in. This applies to all Egnyte access points, including the Web UI, Mobile App, and Desktop App.
Egnyte has partnered with Twilio Inc., a leader in two-factor authentication, to secure users' accounts with TSLV. If the user has a smartphone, the Authy Mobile app's 'Push' feature is the most secure and convenient way to grant access to the Egnyte account directly from the smartphone.
Egnyte offers four different methods for login verification, allowing users to choose the most convenient option. This article first explains how to enable TSLV on the profile and then outlines a step-by-step process for each option.
Basic Two-Factor Authentication (TFA) using Authy Mobile App for authentication is included with all Egnyte plans. The SMS or VoiceCall-based methods are only available on the Enterprise plans.
Enable and Register Two-Step Login Verification
- If the account Administrator has not made TSLV mandatory, the user can opt into the feature by navigating to Settings -> My Profile -> My Preferences -> Security.
- Click the toggle button next to Two-step login verification to enable it and click Save at the bottom of the screen.
- The user will be automatically logged out of their account. They will need to re-enter the username and password and click Get Started.
If the Admin has enforced TSLV, the following screen will be displayed when registering.
- The user will be asked to specify a way to register the device:
  - Authy authenticator App
  - Phone Number
The Phone Number option is not available with Basic Two-Factor Authentication.
In general, Egnyte recommends using the Authy Mobile App as it is the most secure method of two-step login verification. If the user does not have the Authy Mobile App installed yet, they will see a description of how to install it on the next screen. Skip to step 9 to learn how to register using a phone number (SMS text or voice call).
- Download the Twilio Authy App on your mobile phone.
- After downloading the Twilio Authy Mobile app:
  - iOS: Click the + (add account) icon and then select Scan QR Code to scan the QR code that is displayed on the computer screen.
  - Android: Click the menu icon (three dots), Add Account, and then Scan QR Code.
- Enter the code displayed in the Twilio Authy App.
- A confirmation of successful registration will appear. Click Done to be logged in to Egnyte.
- Alternatively, the user can register their phone number to receive TFA codes via SMS or voice call (this option is not available with the Basic Two-Factor Authentication).
- Select the country, enter the phone number, and click Next.
Authy does not allow the use of Virtual Numbers (Google Voice, Magic Jack, Skype…) for text message or voice call authentication. You can use the Authy Mobile App as an alternate option.
- If the user enters a mobile phone number, they will see two possible options to receive the code: Use text messages and Use voice call. For a landline number, there will be only the Use voice call option.
- Enter the code that was received and click Next.
- The user will be asked to download the Twilio Authy App to make logging in quicker and more secure in the future. We highly recommend using the app. If you would like to continue without using the app, click Skip.
- The user's phone number will be successfully registered and they will be logged in to Egnyte.
Login with Authy Push Notification
- Log in to Egnyte with username or email address and password.
- A screen will appear stating that Authy has sent a push notification.
- Open the notification from the notification tray to be directed to the mobile app. Tap Approve if the login date and time shown match the login you are performing.
- Within a few seconds of tapping Approve, the user will be automatically logged into Egnyte.
Login with Authy Mobile App
- Log in to Egnyte with username or email address and password.
- A page will appear asking for a seven-digit code from your Twilio Authy App.
- Open the Authy App. If there is more than one account registered with the app, the user will need to select the Egnyte domain account to locate the code.
The code changes every 20 seconds.
- Enter the code on the Egnyte screen and click Next.
- If the code is valid, the user will be granted access to Egnyte.
Login with Phone Number
Note that this option is not available with the Basic Two-Factor Authentication.
- Log in to Egnyte with the username or email address and password.
- If the 'Use Phone Number' option was selected during the TSLV setup process, a screen will appear asking for a delivery method for the code. Choose between a text message or a voice call.
If a mobile phone number was registered, there will be two options to choose from: Use text messages or Use voice call. If a landline number was registered, there will only be the option to Use voice call. Make your selection and click Next.
Authy does not allow the use of Virtual Numbers (Google Voice, Magic Jack, Skype…) for text message or voice call authentication. You can use the Authy Mobile App as an alternate option.
- Users who have the Authy App installed but want to authenticate using the phone number can click on the 'Unable to use Authy App?' option on the TFA screen.
- Depending on the option selected, the seven-digit code will be delivered via a text message or phone call. Enter the code and click Next.
- Once the code has been verified, access will be granted to Egnyte.
Login to the Desktop App
Once TSLV has been set up through the Web UI, it can be used to log in to the Desktop App. Users will get the TFA popup only while adding or authenticating a drive.
To verify the account, users can choose one of the following methods:
- Mobile Push
- Passcode
- Phone Number (VoiceCall or SMS). Note that this option is not available with the Basic Two-Factor Authentication.
Disable Two-Step Login Verification
While users can set up and configure the two-step login verification (aka TFA) as another layer of security while logging in, they can always disable it if they want to.
To disable two-step login verification:
- Navigate to Settings -> My Profile -> My Preferences -> Security
- Disable the Two-step login verification toggle.
- Click on Save.
When the preferences are saved with two-step login verification disabled, the system checks when the user's identity was last confirmed using two-step login verification.
If the user’s identity was last confirmed within the last 60 minutes, the user will be allowed to disable two-step login verification without any additional identity confirmation.
However, if the last identity confirmation was performed more than 60 minutes ago, the user will be asked to log in again and confirm their identity before the two-step login verification can be disabled as shown below.
When the user opts to re-login, the user’s identity is confirmed using the two-step login verification after the user logs back in.
After identity confirmation, the user will be redirected to the preferences screen where they will get the option to disable the two-step login verification as shown below.
The two-step login verification will be disabled only if the user selects the Disable Now button from the above step.
Users can enable two-step login verification at any point in time.
Admin Features
Enable TSLV for users
Administrators of accounts that are on one of the platform plans can mandate two-step login verification for their users. This option can be found in the Settings -> Configuration -> Security & Authentication -> Two-step login verification section. Users will be required to configure TSLV upon their next login.
Admins can limit the users that are required to use TSLV by selecting the appropriate option from the 'Require two-step login verification for' dropdown. The options available are All Users, Admins & Power Users only, and Standard Users only. Save the changes after selecting the option.
Once selected and saved, every user of that type will need to use TSLV to log in. Users who authenticate via Single Sign-On can be excluded. No other exceptions are possible.
If the Admin wants only specific users to use TSLV, they can enable two-step login verification in the user's profile from the Users & Groups tab.
To find out whether an Admin or Power User has enabled TSLV, run a User Provisioning Report.
Resetting a User's TSLV Settings
If a user loses their phone used for TSLV or needs to change the phone number associated with it, the admin can reset their account’s TSLV by going to their user details screen and selecting the Reset option next to Two-Step Login Verification.
Even if the admin does not mandate TSLV, individual users in the Egnyte domain can still opt into the feature. If the admin no longer requires users to have TSLV, users who previously opted in on their own will still have TSLV enabled.
Enabling the "Remember Me" and "Trusted Networks" Capabilities
The security level associated with TSLV can be customized in the Security & Authentication settings. For example, login verification may not be required for every login from a work computer, but it would be necessary when logging in from a hotel business center computer. Egnyte provides a Remember this Device setting that allows users to defer the requirement to verify their login for a certain device for a specified period. Once the setting is enabled, the duration for which devices can be remembered can be configured.
Admins can also enter IP addresses or IP address ranges in the Trusted Networks field. Users logging into Egnyte from these IPs will not need to verify their login.
Internal IP address(es) are not supported with the Trusted networks feature.
Individual IP addresses or ranges of IP addresses (including those indicated with CIDR Notation) can be entered, ensuring each address or range is separated with a comma.
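Because logins from Trusted Networks skip verification, it is worth reviewing a candidate list before pasting it into the field. The following is an added example, not Egnyte code: it parses a comma-separated list and flags entries that are invalid, internal, or very broad. The hyphenated `a-b` range syntax, the list of ranges treated as internal, the 1024-address threshold, and all function names are assumptions.

```python
import ipaddress

# Ranges treated as "internal" here (RFC 1918, loopback, link-local, IPv6 ULA).
# This list is an assumption; the page does not define "internal".
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def parse_entry(entry):
    """Return the networks covered by one entry (single IP, CIDR, or a-b range)."""
    if "-" in entry:  # hyphenated range syntax is an assumption
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        # list() forces evaluation so a reversed range raises here
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(entry, strict=False)]

def review_trusted_networks(field, max_addresses=1024):
    """Classify each comma-separated entry as ok, internal, broad or invalid."""
    results = []
    for raw in field.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            nets = parse_entry(entry)
        except (ValueError, TypeError):
            results.append((entry, "invalid"))
            continue
        if any(n.overlaps(i) for n in nets for i in INTERNAL):
            status = "internal"   # not supported by the Trusted Networks feature
        elif sum(n.num_addresses for n in nets) > max_addresses:
            status = "broad"      # many addresses would skip login verification
        else:
            status = "ok"
        results.append((entry, status))
    return results

# Constructed sample input (documentation, benchmark and private ranges).
SAMPLE = ("203.0.113.10, 198.51.100.0/24, 192.168.1.0/24, "
          "203.0.113.20-203.0.113.29, 100.64.0.0/10x, 198.18.0.0/15")

if __name__ == "__main__":
    for entry, status in review_trusted_networks(SAMPLE):
        print(f"{status:9} {entry}")
```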
Additional Resources
Authy Two-Step Login Verification - FAQs