Welcome to
Help Desk

Product Updates
Training
Support
Ideas Contact Support

Two-Step Login Verification

Follow

Egnyte recommends enhancing the account security with Two-Step Login Verification (TSLV, MFA or TFA). TSLV adds an extra layer of protection by requesting an additional piece of information, alongside the username and password, each time the user logs in. This applies to all Egnyte access points, including the Web UI, Mobile App, and Desktop App.  

Egnyte has partnered with Twilio Inc., a leader in two-factor authentication, to secure user’s account with TSLV. If the user has a smartphone, the Authy Mobile app's 'Push' feature is the most secure and convenient way to grant access to the Egnyte account directly from the smartphone.

Egnyte offers four different methods for login verification, allowing users to choose the most convenient option. This article outlines a step-by-step process for each option, following instructions on how to enable TSLV on the profile.

Basic Two-Factor Authentication (TFA) using Authy Mobile App for authentication is included with all Egnyte plans. The SMS or VoiceCall-based methods are only available on the Enterprise plans.

Skip Ahead to...

Enable and Register Two-Step Login Verification

Login with Authy Push Notification

Login with Authy Mobile App

Login with Phone Number

Login to the Desktop App

Disable Two-Step Login Verification

Admin Features

Enable TSLV for users

Resetting a User's TSLV Settings

Enabling the "Remember Me" and "Trusted Networks" Capabilities

Additional Resources

 

Enable and Register Two-Step Login Verification

  1. If the account Administrator has not made TSLV mandatory, the user can opt into the feature by navigating to Settings -> My Profile -> My Preferences -> Security.
  2. Click the toggle button next to Two-step login verification to enable it and click Save at the bottom of the screen.
    TSLV - enable from profile.png
  3. The user will be automatically logged out of their account. They will need to re-enter the username and password and click Get Started.
    TSLV - getting started - enabled from profile.png
    If the Admin has enforced TSLV, the following screen below will be displayed when registering.
    TSLV - getting started - enabled for everyone.png
  4. The user will be asked to specify a way to register the device:
    • Authy authenticator App
    • Phone Number

      Phone number option is not available with Basic Two-Factor Authentication.


    TSLV - select authentication method.png
    In general, Egnyte recommends using the Authy Mobile App as it is the most secure method of two-step login verification. If the user does not have the Authy Mobile App installed yet, they will see a description of how to install it on the next screen. Skip to step 9 to learn how to register using a phone number (SMS text or voice call).
    TSLV - authy set up screen.png
  5. Download the Twilio Authy App on your mobile phone.
    TSLV - Download Authy.png
  6. Upon downloading the Twilio Authy Mobile app.
    • iOS: Click the + (add account) icon and then select Scan QR Code to scan the QR code that is displayed on the computer screen.
    • Android: Click the menu icon (three dots), Add Account, and then Scan QR Code.
    Upon scanning the QR Code, a confirmation message will be displayed indicating the Egnyte Domain was successfully added.
    TSLV - Scan Qr code.png
  7. Enter the code displayed in the Twilio Authy App.
     TSLV - Enter code.png
  8. A confirmation of successful registration will appear. Click Done, to be logged into Egnyte.
    webui_redesign_tfa_login_enrollment_confirmation.png
  9. Alternatively, the user can register their phone number to receive TFA codes via SMS or voice call (this option is not available with the Basic Two-Factor Authentication)
    TSLV - use phone number.png
  10. Select the country, enter the phone number, and click Next.

    Authy does not allow the use of Virtual Numbers (Google Voice, Magic Jack, Skype…) for text message or voice call authentication. You can use the Authy Mobile App as an alternate option.

    TSLV - enter phone number.png
  11. If the user enters a mobile phone number, they will see two possible options to receive the code: Use text messages and Use voice call. For a landline number, there will be only the Use voice call option.
    TSLV - choose between text or phone call.png

  12. Enter the code that was received and click Next.
    TSLV - enter code received on phone.png

  13. The user will be asked to download the Twilio Authy App to make logging in quicker and more secure in the future. We highly recommend using the app. If you would like to continue without using the app, click Skip.
    TSLV - phone number setup complete.png
  14. The user's phone number will be successfully registered and they will be logged in to Egnyte.

 

Login with Authy Push Notification

  1. Log in to Egnyte with username or email address and password.
  2. A screen will appear stating that Authy has sent a push notification.
    webui_redesign_tfa_push_notification.png
  3. Open the notification from the notification tray to be directed to the mobile app. Tap Approve if the login date and time match while logging in.
    Screen_Shot_2019-06-03_at_11.15.24_AM.png
  4. Within a few seconds of tapping Approve, the user will be automatically logged into Egnyte.

 

Login with Authy Mobile App

  1. Log in to Egnyte with username or email address and password.
  2. A page will appear asking for a seven-digit code from your Twilio Authy App.
    webui_redesign_tfa_push_notification.png
  3. Open the Authy App. If there is more than one account registered with the app, the user will need to select the Egnyte domain account to locate the code.
    The code changes every 20 seconds.
  4. Enter the code on the Egnyte screen and click Next.
  5. If the code is valid, the user be granted access to Egnyte.

 

Login with Phone Number

Note that this option is not available with the Basic Two-Factor Authentication

  1. Log in to Egnyte with the username or email address and password.
  2. If the 'Use Phone Number' option was selected during the TSLV setup process, a screen will appear asking for a delivery method for the code. Choose between a text message or a voice call.
    TSLV - choose code delivery method.png
    If a mobile phone number was registered, there will be two options to choose from: Use text messages or Use voice call. If a landline number was registered, there will only be the option to Use voice call. Make your selection and click Next.

    Authy does not allow the use of Virtual Numbers (Google Voice, Magic Jack, Skype…) for text message or voice call authentication. You can use the Authy Mobile App as an alternate option.

  3. Users who have Authy App installed but want to authenticate using the phone number can click on the 'Unable to use Authy App?' option on the TFA screen.
    TSLV - click on unable to access authy app option.png
  4. Depending on the option selected, the seven-digit code will be delivered via a text message or phone call. Enter the code and click Next.
    TSLV - enter code received from mobile.png
    TSLV - enter code received on phone call.png
  5. Once the code has been verified, access will be granted to Egnyte.

 

Login to the Desktop App

Once TSLV has been set up through the Web UI, it can be used to log in to the Desktop App. Users will get the TFA popup only while adding or authenticating a drive.

To verify the account, users can choose one of the following methods:

  • Mobile Push
  • Passcode
  • Phone Number (VoiceCall or SMS). Note that this option is not available with the Basic Two-Factor Authentication

Screen_Shot_2019-06-03_at_10.59.28_AM.png

 

Disable Two-Step Login Verification

While users can set up and configure the two-step login verification (aka TFA) as another layer of security while logging in, they can always disable it if they want to.

To disable two-step login verification:

  1. Navigate to Settings -> My Profile -> My Preferences -> Security
  2. Disable the Two-step login verification toggle.
  3. Click on Save

TSLV - disable TSLV from profile.png

On saving the preferences with two-step login verification disabled, the system will check when was the last time user’s identity was confirmed using two-step login verification. 

If the user’s identity was last confirmed within the last 60 minutes, the user will be allowed to disable two-step login verification without any additional identity confirmation. 

However, if the last identity confirmation was performed more than 60 minutes ago, the user will be asked to log in again and confirm their identity before the two-step login verification can be disabled as shown below.  

TSLV - reauthentication popup before disabling.png

When the user opts to re-login, the user’s identity is confirmed using the two-step login verification after the user logs back in. 

TSLV - re-verify TFA to disable authentication.png

Post identify confirmation, the user will be redirected to the preferences screen where they will get the option to disable the two-step login verification as shown below.  

TSLV - Confirm disabling TFA.png

The two-step login verification will be disabled only if the user selects the Disable Now button from the above step. 

Users can enable two-step login verification at any point in time.

 

Admin Features

Enable TSLV for users

Administrators of accounts that are on one of the "platform" plans can mandate two-step login verification for their users. This option can be found in Settings -> Configuration -> Security & Authentication ->Two-step login verification section. Users will be required to configure TSLV upon their next login.
TSLV - enfore TFA for users.pngAdmins can limit the users that are required to use TSLV by selecting the appropriate option from the 'Require two-step login verification for' dropdown. The options available are All Users, Admins & Power Users only, and Standard Users only. Save the changes after selecting the option.

TSLV - select class of users to enforce TFA.png

Once selected and saved, every user of that type will need to use TSLV to log in. Users who authenticate via Single Sign-On can be excluded.  No other exceptions are possible. 

TSLV - exclude SSO users.png

If the Admin wants only specific users to use TSLV, they can enable two-step login verification in the user's profile from the Users & Groups tab.

To know if an Admin or the Power User has enabled TSLV, run a User Provisioning Report.

TSLV -  user provisioning report.png

 

Resetting a User's TSLV Settings

If a user loses their phone used for TSLV or needs to change the phone number associated with it, the admin can reset their account’s TSLV by going to their user details screen and selecting the Reset option next to Two-Step Login Verification.

TSLV - reset TSLV.png

Even if the admin does not mandate TSLV, individual users in the Egnyte domain can still opt into the feature. If the admin no longer requires users to have TSLV, users who previously opted in on their own will still have TSLV enabled.

 

Enabling the "Remember Me" and "Trusted Networks" Capabilities

The security level associated with TSLV can be customized in the Security & Authentication settings. For example, login verification may not be required for every login from a work computer, but it would be necessary when logging in from a hotel business center computer. Egnyte provides a Remember this Device setting that allows users to defer the requirement to verify their login for a certain device for a specified period. Once the setting is enabled, the duration for which devices can be remembered can be configured.

TSLV - remember me.png

Admins can also enter IP addresses or IP address ranges in the Trusted Networks field. Users logging into Egnyte from these IPs will not need to verify their login.

Internal IP address(es) are not supported with the Trusted networks feature.
Individual IP addresses or ranges of IP addresses (including those indicated with CIDR Notation) can be entered, ensuring each address or range is separated with a comma.

 

Additional Resources

Authy Two-Step Login Verification - FAQs

 

Was this article helpful?
0 out of 2 found this helpful

For technical assistance, please contact us.