
CLOUD SOLUTIONS

Managing two-factor authentication for user accounts

By clicking a username in the Accounts page, you are able to view the two-factor authentication status under the Login Security section and take certain actions.

Revoke trust for browsers and reset 2FA

The following actions are available for two-factor authentication:

  • Reset all browsers. Use this option to revoke the trust of all browsers on all devices that skip the six-digit code when connecting to Control Center. After revoking, users who previously enabled the Trust this browser option on the GravityZone login page have to enter the authentication code again.

    To revoke the trust of all browsers:

    1. Enter your GravityZone password.

      GravityZone does not ask for a password to forget remembered devices or reset 2FA when you use single sign-on (SSO) for your account.

    2. Click the Revoke all browsers button.

    3. Confirm your action.

      After revoking all browsers, the user needs to enter the six-digit code again when connecting to Control Center.

  • Reset user's two-factor authentication. Use this option when users have changed or wiped the devices that hosted the authenticator, and they lost the secret key.

    To reset 2FA for the current user:

    1. Enter your GravityZone password.

      GravityZone does not ask for a password to forget remembered devices or reset 2FA when you use single sign-on (SSO) for your account.

    2. Click the Reset 2FA button.

    3. Confirm your action.

      After you reset 2FA while this feature is enforced, a configuration window prompts the user at login to configure two-factor authentication again with a new secret key.


    Important

    Two-factor authentication is enforced by default in GravityZone Cloud platform and you cannot disable it.

    Note

    If you have a company administrator account, you may make two-factor authentication mandatory for all GravityZone accounts in your company. For more information, refer to this section.

Important

The authentication app of choice (Google Authenticator, Microsoft Authenticator, or any two-factor TOTP (Time-Based One-Time Password Algorithm) authenticator compatible with the RFC 6238 standard) combines the secret key with the device’s current timestamp to generate the six-digit code.

Be aware that the timestamps on both the device and the GravityZone appliance have to match for the six-digit code to be valid. To avoid any timestamp synchronization issues, we recommend enabling the automatic date and time setting on the device.
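
The code generation and clock dependency described above, as an added example (not Bitdefender code): a minimal RFC 6238 generator and verifier in Python, showing that two clocks only two seconds apart can fall in different 30-second steps and produce different codes. The secret is the published RFC 6238 test key, and `drift_steps` is a hypothetical tolerance parameter; the page does not state what tolerance GravityZone applies.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # six-digit code, as described on this page

def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret and a Unix timestamp."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)   # 8-byte big-endian step counter
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32: str, code: str, server_time: int, drift_steps: int = 0) -> bool:
    """Accept a code that matches any step within +/- drift_steps of server time.

    drift_steps is a hypothetical tolerance; 0 means the clocks must agree
    on the current 30-second step.
    """
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, server_time + delta * STEP)
        ok |= hmac.compare_digest(expected, code)    # constant-time comparison
    return ok

# Constructed sample: the RFC 6238 test key, base32-encoded as an app would store it.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def demo() -> dict:
    server_time = 1111111109   # server clock (RFC 6238 test timestamp)
    device_time = 1111111111   # device clock 2 s ahead, already in the next step
    device_code = totp(SECRET, device_time)
    return {
        "server_code": totp(SECRET, server_time),
        "device_code": device_code,
        "accepted_strict": verify(SECRET, device_code, server_time),
        "accepted_one_step": verify(SECRET, device_code, server_time, drift_steps=1),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A wider tolerance accepts more skew but also lengthens the time during which an intercepted code remains valid, which is why keeping the device clock synchronized is the preferred fix.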

To check the 2FA changes related to user accounts, access the Accounts > User Activity page and filter the activity logs using the following filters:

  • Area: Accounts/Company

  • Action: Edited

For information about 2FA on your account, refer to Manage your account.