SendSafely Enterprise Administrators have the option to enforce two step authentication across all users in their portal from the Enterprise Console. When enabled, all new users must turn on two step authentication as part of the new user registration process. SendSafely's two step login feature supports both SMS verification and mobile authenticator apps like Google Authenticator, Duo Mobile, Authy and Windows Phone Authenticator. Two step authentication is only enforced when users authenticate using a SendSafely username and password. Two step authentication is not enforced when logging in via Single Sign On or using your Google account
To require users configure two step authentication, Administrators should take the following steps:
- Go to the Enterprise Console and scroll down to Site Configuration Options
- Check the box next to Require Two Step Authentication for Registered Users
- Press the Save Changes button
In order to enable this setting, all existing users who log in with a username and password must already have two step login configured (users authenticating using Google Auth or SSO are excluded from this requirement). Administrators can view two step configuration status from the Active Users list as shown below:
If you have existing users that have not already enabled two step login, you can enable this feature on their behalf from the Enterprise Console. If you click the user's row in the Active Users listing, you will see a switch that allows you to turn on two step login (see below). Note that you are required to provide the user's mobile phone number when enabling this feature on their behalf.
Once enabled at the enterprise level, all new users registering with a username and password will be required to set up two step authentication (SMS verification) on the Account Registration screen.
End-users can optionally continue on to set up an authenticator app as an alternative method of two step authentication from the Login Options tab on the Edit Profile screen. Further guidance on this process is available here.
If you are an enterprise administrator and would like assistance with enabling this option, please contact firstname.lastname@example.org