Two-Factor Authentication (TFA)
Recent security breaches around the world have called for the need to be more cautious about securing customer data in their environment. The majority of these breaches are due to compromised passwords and unused account privileges.
Since Endpoint Central plays a major role in managing the endpoints in a customer's network, we have enforced our customers to enable Two-Factor Authentication which provides an additional layer of security to validate the user's authenticity.
Enable Two-Factor Authentication
When you enable Two-Factor Authentication, all the users will be required to provide an additional security code to login and access the product. To enable TFA,
- Log in to the product
- Navigate to Admin tab -> User Administration -> Secure Authentication
- Enable Authentication and choose the mode of authentication using which you want to be authenticated
Using an Authenticator App
The authenticator app can be Zoho OneAuth, Google Authenticator, MS Auth, DUO Auth, etc.
If you choose to use an authenticator app, please install the authenticator app on your smart phone and map the product server details to the authenticator app, which is a one time process. You can use the OTP generated on the app, as an additional layer of security, to login to the product. OTP can be generated anytime, anywhere.
Here are the download links to a few commonly used authenticator apps:
- TOTP code does not require any internet connection. All data is generated in the On-Premise server
- If the user has deleted the Endpoint Central account on the authenticator app, then the user should contact the administrator to restore Two-Factor Authentication using the same app. Administrator can resend the QR code to restore the authenticator app from here: Admin -> User Management -> Actions (Under the appropriate user) -> Resend QR code
When you choose email as a mode for two-factor authentication, the OTP will be generated and sent to the user's registered email address. User will have to use the OTP received in the email in addition to the regular password. User should have access to email, in order to access the product server. Every generated OTP is valid for 15 minutes from the generation. You can save the OTP for specific browsers for (n) specified days.
1. Can I disable TFA after it is enabled?
No. As a part of security enforcement, TFA cannot be disabled once it is enabled. However, you can contact our Support in any case of trouble with TFA.
Refer to this document
to know more about configuring the Authenticator app for two-factor authentication.