Welcome to
Help Desk

Product Updates
Training
Support
Ideas Contact Support

Two-Step Login Verification

Egnyte recommends enhancing the account security with Two-Step Login Verification (TSLV, MFA or TFA). TSLV adds an extra layer of protection by requesting an additional piece of information, alongside the username and password, each time the user logs in. This applies to all Egnyte access points, including the Web UI, Mobile App, and Desktop App.  

Egnyte has partnered with Twilio Inc., a leader in two-factor authentication, to secure user’s account with TSLV. If the user has a smartphone, the Twilio Authy Mobile app's 'Push' feature is the most secure and convenient way to grant access to the Egnyte account directly from the smartphone.

Egnyte offers four different methods for login verification, allowing users to choose the most convenient option. This article outlines a step-by-step process for each option, following instructions on how to enable TSLV on the profile.

Basic Two-Factor Authentication (TFA) using TOTP & Twilio Authy Mobile App for authentication is included with all Egnyte plans. The SMS or VoiceCall-based methods are only available on the Enterprise plans.

Skip Ahead to...

Enable and Register Two-Step Login Verification

Login with TOTP Authentication Method

Login with Twilio Authy Push Notification

Login with Twilio Authy Mobile App

Login with Phone Number

Login to the Desktop App

Disable Two-Step Login Verification

Admin Features

Enable TSLV for users

Resetting a User's TSLV Settings

Switching from Authy to TOTP

Enabling the "Remember Me" and "Trusted Networks" Capabilities

Additional Resources

 

Enable and Register Two-Step Login Verification

  1. If the account Administrator has not made TSLV mandatory, the user can opt into the feature by navigating to Settings -> My Profile -> My Preferences -> Security.
  2. Click the toggle button next to Two-step login verification to enable it and click Save at the bottom of the screen.
    webui_redesign_user_profile_preferences_enable_tfa.png
  3. The user will be automatically logged out of their account. They will need to re-enter the username and password and click Get Started.
    TSLV - getting started - enabled from profile.png
    If the Admin has enforced TSLV, the following screen below will be displayed when registering.
    TSLV - getting started - enabled for everyone.png
  4. The user will be asked to specify a way to register the device:
    • TOTP authentication method using Authenticator app
    • Twilio Authy authenticator App
    • Phone Number

      Phone number option is not available with Basic Two-Factor Authentication.


    TSLV 16th oct update 1.png
    In general, Egnyte recommends using an authenticator app that supports the TOTP authentication method as it is the most secure method of two-step login verification. Alternatively, users can utilise Twilio Authy Mobile app for two-factor authentication. 
  5. Download an authenticator app on the mobile phone that supports TOTP authentication method (Example: Google authenticator, Microsoft authenticator). Scan the QR code from the authenticator app and enter the code presented. Click Next.
    TSLV 16th oct update 2.png
  6. A message will appear confirming successful set up. Click on Continue to access the Egnyte platform.
    TSLV 16th oct update 3.png
  7. Alternatively, download the Twilio Authy App on the mobile phone.
    TSLV 16th oct update 4.png
  8. Upon downloading the Twilio Authy Mobile app.
    • iOS: Click the + (add account) icon and then select Scan QR Code to scan the QR code that is displayed on the computer screen.
    • Android: Click the menu icon (three dots), Add Account, and then Scan QR Code.
    Upon scanning the QR Code, a confirmation message will be displayed indicating the Egnyte Domain was successfully added.
    TSLV - Scan Qr code.png
  9. Enter the code displayed in the Twilio Authy App.
     TSLV - Enter code.png
  10. A confirmation of successful registration will appear. Click Done, to be logged into Egnyte.
    webui_redesign_tfa_login_enrollment_confirmation.png
  11. Alternatively, the user can register their phone number to receive TFA codes via SMS or voice call (this option is not available with the Basic Two-Factor Authentication)
    TSLV - use phone number.png
  12. Select the country, enter the phone number, and click Next.

    Authy does not allow the use of Virtual Numbers (Google Voice, Magic Jack, Skype…) for text message or voice call authentication. Users can use the Twilio Authy Mobile App as an alternate option.

    TSLV - enter phone number.png
  13. If the user enters a mobile phone number, they will see two possible options to receive the code: Use text messages and Use voice call. For a landline number, there will be only the Use voice call option.
    TSLV - choose between text or phone call.png

  14. Enter the code that was received and click Next.
    TSLV - enter code received on phone.png

  15. The user will be asked to download the Twilio Authy App to make logging in quicker and more secure in the future. We highly recommend using the app. If you would like to continue without using the app, click Skip.
    TSLV - phone number setup complete.png
  16. The user's phone number will be successfully registered and they will be logged in to Egnyte.

 

Login with TOTP Authentication Method

  1. Log in to Egnyte with username or email address and password.
  2. A screen will appear asking for the OTP. Enter the TOTP appearing in the authenticator app and click Next.
    TSLV 16th oct update 5.png

The user will be logged into their Egnyte domain after entering the correct code.

 

Login with Twilio Authy Push Notification

  1. Log in to Egnyte with username or email address and password.
  2. A screen will appear stating that Authy has sent a push notification.
    webui_redesign_tfa_push_notification.png
  3. Open the notification from the notification tray to be directed to the mobile app. Tap Approve if the login date and time match while logging in.
    Screen_Shot_2019-06-03_at_11.15.24_AM.png
  4. Within a few seconds of tapping Approve, the user will be automatically logged into Egnyte.

Login with Twilio Authy Mobile App

  1. Log in to Egnyte with username or email address and password.
  2. A page will appear asking for a .
    webui_redesign_tfa_push_notification.png
  3. Open the Twilio Authy App. If there is more than one account registered with the app, the user will need to select the Egnyte domain account to locate the code.
    The code changes every 20 seconds.
  4. Enter the code on the Egnyte screen and click Next.
    A message will appear confirming successful set up. Click on ‘Continue’ to access the Egnyte platform.
  5. If the code is valid, the user be granted access to Egnyte.

 

Login with Phone Number

Note that this option is not available with the Basic Two-Factor Authentication

  1. Log in to Egnyte with the username or email address and password.
  2. If the 'Use Phone Number' option was selected during the TSLV setup process, a screen will appear asking for a delivery method for the code. Choose between a text message or a voice call.
    TSLV - choose code delivery method.png
    If a mobile phone number was registered, there will be two options to choose from: Use text messages or Use voice call. If a landline number was registered, there will only be the option to Use voice call. Make your selection and click Next.

    Twilio Authy does not allow the use of Virtual Numbers (Google Voice, Magic Jack, Skype…) for text message or voice call authentication. You can use the Twilio Authy Mobile App as an alternate option.

  3. Users who have Authy App installed but want to authenticate using the phone number can click on the 'Unable to use Authy App?' option on the TFA screen.
    TSLV - click on unable to access authy app option.png
  4. Depending on the option selected, the seven-digit code will be delivered via a text message or phone call. Enter the code and click Next.
    TSLV - enter code received from mobile.png
    TSLV - enter code received on phone call.png
  5. Once the code has been verified, access will be granted to Egnyte.

 

Login to the Desktop App

Once TSLV has been set up through the Web UI, it can be used to log in to the Desktop App. Users will get the TFA popup only while adding or authenticating a drive.

To verify the account, users can choose one of the following methods:

  • Mobile Push
  • Passcode
  • Phone Number (VoiceCall or SMS). Note that this option is not available with the Basic Two-Factor Authentication

Screen_Shot_2019-06-03_at_10.59.28_AM.png

 

Disable Two-Step Login Verification

While users can set up and configure the two-step login verification (aka TFA) as another layer of security while logging in, they can always disable it if they want to.

To disable two-step login verification:

  1. Navigate to Settings -> My Profile -> My Preferences -> Security
  2. Disable the Two-step login verification toggle.
  3. Click on Save

webui_redesign_user_profile_preferences_disable_tfa.png

On saving the preferences with two-step login verification disabled, the system will check when was the last time user’s identity was confirmed using two-step login verification. 

If the user’s identity was last confirmed within the last 60 minutes, the user will be allowed to disable two-step login verification without any additional identity confirmation. 

However, if the last identity confirmation was performed more than 60 minutes ago, the user will be asked to log in again and confirm their identity before the two-step login verification can be disabled as shown below.  

TSLV - reauthentication popup before disabling.png

When the user opts to re-login, the user’s identity is confirmed using the two-step login verification after the user logs back in. 

TSLV - re-verify TFA to disable authentication.png

Post identify confirmation, the user will be redirected to the preferences screen where they will get the option to disable the two-step login verification as shown below.  

TSLV - Confirm disabling TFA.png

The two-step login verification will be disabled only if the user selects the Disable Now button from the above step. 

Users can enable two-step login verification at any point in time.

 

Admin Features

Enable TSLV for users

Administrators of accounts that are on one of the platform plans can mandate two-step login verification for their users. This option can be found in Settings -> Configuration -> Security & Authentication ->Two-step login verification section. Users will be required to configure TSLV upon their next login.

webui_redesign_admin_settings_configuration_enable_tfa.png
Admins can limit the users that are required to use TSLV by selecting the appropriate option from the 'Require two-step login verification for' dropdown. The options available are All Users, Admins & Power Users only, and Standard Users only. Save the changes after selecting the option.

TSLV - select class of users to enforce TFA.png

Once selected and saved, every user of that type will need to use TSLV to log in. Users who authenticate via Single Sign-On can be excluded.  No other exceptions are possible. 

TSLV - exclude SSO users.png

If the Admin wants only specific users to use TSLV, they can enable two-step login verification in the user's profile from the Users & Groups tab.

To know if an Admin or the Power User has enabled TSLV, run a User Provisioning Report.

TSLV -  user provisioning report.png

 

Resetting a User's TSLV Settings

If a user loses their phone used for TSLV or needs to change the phone number associated with it, the admin can reset their account’s TSLV by going to their user details screen and selecting the Reset option next to Two-Step Login Verification.

TSLV - reset TSLV.png

Even if the admin does not mandate TSLV, individual users in the Egnyte domain can still opt into the feature. If the admin no longer requires users to have TSLV, users who previously opted in on their own will still have TSLV enabled.

Switching from Authy to TOTP

In order to switch from Authy to TOTP( e.g. Google or Microsoft authenticator), Admins can Reset the TSLV for the individual user(s) and re-enroll using TOTP. 

The TSLV reset also be done in bulk for multiple users using Import Users and Groups feature. 

Enabling the "Remember Me" and "Trusted Networks" Capabilities

The security level associated with TSLV can be customized in the Security & Authentication settings. For example, login verification may not be required for every login from a work computer, but it would be necessary when logging in from a hotel business center computer. Egnyte provides a Remember this Device setting that allows users to defer the requirement to verify their login for a certain device for a specified period. Once the setting is enabled, the duration for which devices can be remembered can be configured.

TSLV - remember me.png

Admins can also enter IP addresses or IP address ranges in the Trusted Networks field. Users logging into Egnyte from these IPs will not need to verify their login.

Internal IP address(es) are not supported with the Trusted networks feature.
Individual IP addresses or ranges of IP addresses (including those indicated with CIDR Notation) can be entered, ensuring each address or range is separated with a comma.

 

Additional Resources

Authy Two-Step Login Verification - FAQs

 

Was this article helpful?
2 out of 5 found this helpful

For technical assistance, please contact us.