Enable multi-factor authentication
To enable multi-factor authentication (MFA) for a company:
-
Sign in to your account in the Dashboard.
-
Go to Settings › Multi-Factor Authentication.
-
On the Company tab, select Enable multi-factor authentication, set scope of authentication and one-time password verification, and then click Save.
Set scope of authentication
You can set MFA to apply only to your direct accounts, or through the whole hierarchy as well—that is, for accounts in your companies, sub-companies, and so on.
A sub-company has an option to override the MFA settings configured by the company it belongs to.
To turn MFA on for the hierarchy, select Enable multi-factor authentication through hierarchy, and then select one of the options in the drop-down list.
Option | Description |
---|---|
All users | MFA applies to all accounts that log in both to Online Backup and Recovery Manager (OBRM) and to the Dashboard |
All Dashboard users | MFA applies to all accounts that log in to the Dashboard |
Dashboard admins only | MFA applies only to accounts with admin role that log in to the Dashboard |
Backup accounts only | MFA applies only to accounts that log in to OBRM |
If you select All users or Backup accounts only, only the authorized accounts can back up and restore their data on a device.
To authorize an account on a device, the account must log in to OBRM, and complete the MFA process. If successful, the account will be authorized permanently on the device, and no one-time password will be required later.
All backups configured by an account prior to MFA will fail until you authorize that account on the device.
Set one-time password verification
The system sends a random one-time password (OTP) to a backup account to verify their login. You can select the way your accounts receive the password, either by email or in a text message (SMS). For newly created accounts, the selected method applies by default.
If the selected method fails, the system automatically tries the other one.
To receive OTP and verify the login, accounts must have their email addresses and phone numbers specified. (Phone numbers must be in the standard format.)
If an account does not have an email address or a phone number entered, the system shows a warning with the relevant information.