Managing two-factor configuration for users

You can monitor two-factor authentication settings for all your users and reset the settings on the Users tab in the management portal.

Monitoring

In the management portal on the Users tab, you can see a list of all your organization users. The 2FA status reflects if the two-factor configuration is set up for a user.

To reset two-factor authentication for a user

  1. In the management portal on the Users tab, find a user for whom you want to change the settings, and then click the ellipsis icon.
  2. Click Reset two-factor authentication.
  3. Enter the TOTP code generated in the authentication application on your second-factor device and click Reset.

As a result, the user will be able to set up two-factor authentication again.

To reset the trusted browsers for a user

  1. In the management portal on the Users tab, find a user for whom you want to change the settings, and then click the ellipsis icon.
  2. Click Reset all trusted browsers.
  3. Enter the TOTP code generated in the authentication application on your second-factor device, and then click Reset.

The user for whom you have reset all trusted browsers will have to provide the TOTP code on the next login.

Users can reset all trusted browsers and reset two-factor authentication settings by themselves. This can be done when they log in to the system, by clicking the respective link and entering the TOTP code to confirm the operation.

To disable two-factor authentication for a user

You may need to disable two-factor authentication for a user while the rest users of the account will use two-factor authentication. This is needed in case this user is used to access the API.

Do not switch normal users to service users in order to disable two-factor authentication, otherwise the users may not be able to log in.

  1. In the management portal on the Users tab, find a user for whom you want to change the settings, and then click the ellipsis icon.
  2. Click Mark as service account. As a result, a user gets a special two-factor authentication status called Service account.
  3. [If at least one user within a tenant has configured two-factor authentication] Enter the TOTP code generated in the authentication application on your second-factor device to confirm disabling.

To enable two-factor authentication for a user

You may need to enable two-factor authentication for a particular user for whom you have disabled it previously.

  1. In the management portal on the Users tab, find a user for whom you want to change the settings, and then click the ellipsis icon.
  2. Click Mark as regular account. As a result, a user will have to set up two-factor authentication or provide the TOTP code when entering the system.