This guide will walk you through the steps to enable 2FA for the admins of your MSSP. 2FA provides an extra layer of protection for your account, making it more resilient against unauthorized access and potential security breaches.
The need for Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA) is a security feature that requires users to provide two forms of identification before gaining access to their account. Typically, this includes something the user knows (like a password) and something the user has (like a mobile device or a security token).
Our 2FA implementation uses a time-based one-time password (TOTP) generated by an authenticator app (Google/Microsoft authenticator) on your mobile device. This makes it a convenient and secure method to protect your account.
How to enable Two-Factor authentication on your MSSP Dashboard?
To enable Two-Factor Authentication (2FA) for your account, start by logging in using your registered email or username along with your password. Once logged in, navigate to your profile section within the application. Look for the option labeled "Enable Two-Factor Authentication". You'll find a toggle switch associated with it. Click on the switch to turn on Two-Factor Authentication for your account. From now on, whenever you log in, the system will require you to provide an additional verification method to ensure the security of your account. This extra layer of protection significantly enhances the safety of your personal information and helps prevent unauthorized access to your account.
How to enforce 2FA enablement for all MSSP admins/ sub-admins
As the super admin, you have the authority to ensure enhanced security for all administrators by enforcing Two-Factor Authentication (2FA). By enabling this feature, you add an extra layer of protection to their accounts. To enforce 2FA for all admins, log in to your super admin account and access the Administration section. From there, navigate to the Settings page, where you'll find the option labeled "Force two-factor authentication". By checking this option, all administrators will be required to enable 2FA once they sign in. This measure significantly bolsters the overall security posture of your organization, protecting against potential unauthorized access and potential security threats. Additionally, as the super admin, you also have the flexibility to individually enable or disable the enforcement of 2FA for specific admins based on specific security requirements.
By turning on the enforcement button, the affected admins are prompted to activate their 2FA once they login into their account.
How to Enable/Disable 2FA Enforcement for Individual Admins
As the MSSP super admin, you can enable or disable 2FA enforcement for individual MSSP admins. Here's how:
- Log in to your account as the super admin.
- Go to the "Administration" and choose “Admin Management".
- Locate the admin for whom you want to enable or disable 2FA.
- Click on the edit button.
- Look for the "Enforce 2FA" option.
- Set the button and save the form
Initiating a 2FA Reset Request
When an admin needs to reset their 2FA settings, they can follow these steps:
- Attempt to log in to their account as usual.
- If 2FA is enabled, they will be prompted to enter their 2FA security code generated by their authenticator app.
- Below the 2FA security code field, there will be an option to "Request 2FA Reset."
- Clicking on "Request 2FA Reset" will trigger a notification to the super admin of the account.
Handling 2FA Reset Requests as the Super Admin
As the super admin of the account, you will receive a notification when an admin initiates a 2FA reset request. To handle these requests, follow these steps:
- Log in to your account as the super admin.
- Navigate to the "Administration" and then choose "Admin Management".
- Look for the yellow badges on the "2FA Activation" column and click on the reset button.
After approving the request, the admin's 2FA settings will be reset, allowing them to set up 2FA again during their next login.
