Egnyte customers who are on one of the "platform" plans can make their Egnyte account even more secure using Two-Step Login Verification (TSLV). TSLV requires a third piece of information, in addition to your username and password, to log you in. This includes logging in from the Web UI, the Mobile App, or the Desktop App.  

Egnyte has partnered with Twilio Inc., a leader in two-factor authentication, to secure your account with TSLV. If you have a smartphone, the Authy Mobile app’s “Push” feature is not only the most secure option but the most convenient way to grant access to your Egnyte account right from your smartphone. 

Egnyte has provided four different options to verify your login to make it easy to choose the most convenient method for you.

We'll walk you through each option after providing instructions to enable TSLV on your profile. The last section will address administration features available to Egnyte domain Admins.

The Basic Two-Factor Authentication (Two-Step Login Verification) included in Business plans only allows using Authy Mobile App for authentication and does not allow SMS or VoiceCall-based methods (available on the Enterprise plan).

 

Skip Ahead to...

Enable and Register Two-Step Login Verification

Login with Authy Push Notification

Login with Authy Mobile App

Login with Phone Number

Login with the Desktop App

Disable Two-Step Login Verification

Admin Features

Additional Resources

Enable and Register Two-Step Login Verification

  1. If your account Administrator has not made TSLV mandatory, you can opt into the feature by clicking on your profile picture and then your name. From the My Profile tab, click My Preferences. In the Security section, select the toggle next to Two-step login verification and click Save at the bottom of the screen.

    webui_redesign_navigation_profile_preferences_enable_tfa_tslv.png

  2. You will be automatically logged out of your account. Re-enter your username and password, and choose Get Started.

    webui_redesign_login_tfa_enrollment_get_started_self.png

    If your Admin has required TSLV, you'll see the screen below when registering.

    webui_redesign_login_tfa_enrollment_get_started_admin.png

  3. You will be asked to specify a way to register your device - using the Authy authenticator App or using a Phone Number (the latter is not available with the Basic Two-Factor Authentication). In general, we recommend using the Authy Mobile App as it is the most secure method of the second-step login verification. If you do not have Authy Mobile App installed yet, you will see a description of how to install it on the next screen. Skip to step 8 to learn how to register using a phone number (SMS text or voice call).

    webui_redesign_tfa_login_enrollment_security_method.png

  4. Download the Twilio Authy App on your mobile phone.

    webui_redesign_tfa_login_enrollment_qr_code.png

  5. Upon downloading the Twilio Authy Mobile app.

    iOS: Click the + (add account) icon and then Scan QR Code to scan the QR code that displays on your computer screen.

    Android: Click the menu icon (three dots), Add Account, and then Scan QR Code. Upon scanning the QR Code, you'll receive a confirmation message when the Egnyte Domain was successfully added.

  6. Enter the code you see in your Twilio Authy App.

    webui_redesign_tfa_login_enrollment_qr_code.png

  7. You will see a confirmation of successful registration of the Twilio Authy app. Once you click Done, you'll be automatically be logged into Egnyte.

    webui_redesign_tfa_login_enrollment_confirmation.png

  8. Alternatively, you can register your mobile phone by using a phone number with an SMS text or a voice call (this option is not available with the Basic Two-Factor Authentication (Two-Step Login Verification)

    webui_redesign_login_tfa_enrollment_use_phone_number.png

  9. Select the country, enter your phone number, and click Next.

    Authy does not allow the use of Virtual Numbers (Google Voice, Magic Jack, Skype…) for text message or voice call authentication. You can use the Authy Desktop App, Mobile App, or Google Chrome plugin as an alternate option.


    webui_redesign_login_tfa_enrollment_enter_phone_number.png

  10. If you specified a mobile phone number, you would see two possible options to receive the code (for a landline number, there will be only the Use voice call option).

    webui_redesign_login_tfa_enrollment_phone_text_voice.png

  11. Enter the six-digit code you received and click Next.

    webui_redesign_tfa_login_enrollment_sms_enter_code.jpg

  12. You'll be asked to download the Twilio Authy App to make logging in quicker and more secure in the future. We highly recommend using the app. If you would like to continue without using the app, click Skip.

    webui_redesign_tfa_login_enrollment_sms_confirmation.jpg
  13. You'll immediately be logged into Egnyte, and your phone number will be registered with us.

Login with Authy Push Notification

  1. Begin by logging into Egnyte with your username or email address and password.

  2. Once entered, you'll see a screen letting you know that Authy has sent you a push notification.

    webui_redesign_tfa_push_notification.png

  3. Open the notification from your notification tray to be directed to the mobile app. Tap Approve if the login date and time match when you were logging in.

    Screen_Shot_2019-06-03_at_11.15.24_AM.png

  4. Within a few seconds of tapping Approve, you'll be automatically logged into Egnyte.

Login with Authy Mobile App

  1. Begin by logging into Egnyte with your username or email address and password.

  2. Once entered, you'll see a screen asking for a seven-digit code from your Twilio Authy App.

  3. Open the Twilio Authy App. If you have more than one account registered with the app, you'll need to select the Egnyte domain account to locate the code.

    The code changes every 20 seconds.

  4. Enter the code from the Egnyte screen and click Next.

  5. If the code is valid, you'll be granted access to Egnyte.

Login with Phone Number

Note that this option is not available with the Basic Two-Factor Authentication (Two-Step Login Verification)

  1. Begin by logging into Egnyte with your username/email address and password.

  2. Once entered, you'll see a screen for Two Factor Authentication. If you don't have the Authy Mobile App installed (recommended), click the Use Phone number option.

  3. If you have a mobile phone number registered, you'll have two options to choose from: Use text messages or Use voice call. If you have a landline registered, you'll only have the option to Use voice call. Make your selection and click Next.

    Authy does not allow the use of Virtual Numbers (Google Voice, Magic Jack, Skype…) for text message or voice call authentication. You can use the Authy Desktop App, Mobile App, or Google Chrome plugin as an alternate option.


  4. Depending on the option you selected, you'll either receive a text message or phone call with a seven digit code. Enter the code and click Next.


  5. Once the code has been verified, you'll be granted access to Egnyte.

Login Through the Desktop App

Once Authy has been set up through the Web UI, you'll need to login through the Desktop App to verify your account if you were not logged in previously.

If you disconnect or remove the drive in the future, you may need to go through this process.

To verify your account, you can use one of the following methods:

  • Mobile Push
  • Passcode
  • Phone Number (VoiceCall or SMS). Note that this option is not available with the Basic Two-Factor Authentication (Two-Step Login Verification)

Screen_Shot_2019-06-03_at_10.59.28_AM.png

 

Disable Two-Step Login Verification

While users can set up and configure the two-step login verification (aka TFA) as another layer of security while they log in to Egnyte, they can always choose to disable two-step login verification whenever they need.

To disable two-step login verification, the user can access their preferences page and hit the corresponding disable button as shown below. 

webui_redesign_user_profile_preferences_tfa_disable.png

On saving the preferences with two-step login verification disabled, the system will check when was the last time user’s identity was confirmed using two-step login verification for that user. 

If the user’s identity was last confirmed within the last 60 minutes, the user will be allowed to disable two-step login verification without any additional identity confirmation. 

However, if the last identity confirmation was performed more than 60 minutes ago, the user will be asked to log in again and confirm their identity before the two-step login verification can be disabled as shown below.  

webui_redesign_tfa_disable.logout.png

 

When the user opts to re-login, the user’s identity is confirmed using the two-step login verification after the user logs back in. 

webui_redesign_tfa_enrollment.png

Post identify confirmation, the user will be redirected to the preferences screen where they will get the option to disable the two-step login verification as shown below.  

webui_redesign_tfa_disable_verification_complete.png

The two-step login verification will get disabled only if the user selects the “Disable Now” button from the above step. 

webui_redesign_user_profile_preferences_tfa_disabled.png

Users can always choose not to disable two-step login verification at any point in time.

 

Admin Features

Administrators of accounts that are on one of the "platform" plans can mandate two-step login verification for their users. This option can be found in Configuration settings under Security & Authentication in the Two-step login verification section. Your users will be required to configure TSLV upon their next login.

webui_redesign_navigation_settings_configuration_enable_tfa_tslv.png


It’s possible to limit which users are required to use TSLV. You can require this feature for All Users, Admins & Power Users only, or Standard Users only. If you apply this feature to a class of users, every user of that type will need to use TSLV. If you have users that are authenticated via Single Sign-On, you can exclude them from Egnyte provided TSLV.

You cannot grant any other exceptions.

If you only want to require specific users to use TSLV, you can enable two-step login verification from the Users & Groups tab by editing the user's profile.


You can see if an Admin or the Power User enabled TSLV with the User Provisioning Report.


Resetting a User's TSLV Settings

If a user loses the phone used for TSLV or needs to change the phone number associated with it, you can reset their account’s TSLV by going to their user details screen and selecting the Reset option next to Two-Step Login Verification.

webui_redesign_user_profile_tfa_reset.png

Even if you do not mandate TSLV, individual users in your Egnyte domain will still be able to opt into the feature. If you no longer require users to have TSLV, users who previously opted in on their own will still have TSLV enabled.

 

Enabling the "Remember Me" and "Trusted Networks" Capabilities

If you would like to customize the security level associated with TSLV, you can do so from the Security & Authentication settings. For example, you might not want to require login verification every time you log into Egnyte from your work computer but would want to require this when logging on from a computer in a hotel business center. We’ve also provided a Remember this Device setting that allows users to defer the requirement to verify their login for a certain device for a specified time period. Once you’ve turned the setting on, then you can set the duration of time for which devices can be remembered.

webui_redesign_tfa_remember_device_duration.png

We’ve also made it possible for account Admins to enter IP addresses or IP address ranges in the Trusted Networks field. Users logging into Egnyte from these IPs will not need to verify their login.

You can enter individual IP addresses or ranges of IP addresses (including those indicated with CIDR Notation), but be sure to separate each address or range with a comma.

Additional Resources

Authy Two-Step Login Verification - FAQs