Managing two-factor authentication for user accounts
Click a username on the Accounts page in GravityZone Control Center to view that account's two-factor authentication status under the Login Security section and to take certain actions on the account.
Note
On the Accounts page, you can revoke browsers and reset 2FA for other users, not for your own account. To revoke browsers for your account, go to the Welcome, [username] > My Account page.
To reset 2FA for your account, contact your GravityZone administrator. You cannot reset 2FA for your account by yourself.
Revoke trust for browsers and reset 2FA
The following actions are available for two-factor authentication:
Revoke all browsers. Use this option to revoke the trust of all browsers on all devices that skip the six-digit code when connecting to Control Center. After revoking, users who previously enabled the Trust this browser option on the GravityZone login page have to enter the authentication code again.
To revoke the trust of all browsers:
Enter your GravityZone password.
GravityZone does not ask for a password to revoke trusted browsers or reset 2FA when you use single sign-on (SSO) for your account.
Click the Revoke all browsers button.
Confirm your action.
After revoking all browsers, the user needs to enter the six-digit code again when connecting to Control Center.
Reset user's two-factor authentication. Use this option when users have changed or wiped the devices that hosted the authenticator and have lost the secret key.
To reset 2FA for a user, follow these steps:
Enter your GravityZone password.
GravityZone does not ask for a password to revoke trusted browsers or reset 2FA when you use single sign-on (SSO) for your account.
Click the Reset 2FA button.
Confirm your action.
After resetting 2FA, a configuration window prompts the user at login to configure two-factor authentication again with a new secret key.
Important
Two-factor authentication is enforced by default in the GravityZone Cloud platform and you cannot disable it.
To check the 2FA changes related to user accounts, access the Accounts > User Activity page and filter the activity logs using the following filters:
Area: Accounts/Company
Action: Edited
For information about 2FA on your account, refer to Manage your account.
Important
The authentication app of choice (Google Authenticator, Microsoft Authenticator, or any two-factor TOTP (Time-Based One-Time Password Algorithm) authenticator compatible with the RFC 6238 standard) combines the secret key with the device's current timestamp to generate the six-digit code.
Be aware that the timestamps on both the device and the GravityZone appliance have to match for the six-digit code to be valid. To avoid timestamp synchronization issues, we recommend enabling the automatic date and time setting on the device.
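The following sketch is an added example, not GravityZone code: it computes RFC 6238 codes from a secret key and a timestamp, and shows how a device clock that drifts from the server clock produces a code the server rejects. The secret is the RFC 6238 test key, and the `window` tolerance parameter is an assumption made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step, the RFC 6238 default

# Constructed sample secret: Base32 of the RFC 6238 test key "12345678901234567890".
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """Return the TOTP code (HMAC-SHA1) for the given Unix time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)  # timestamp -> 8-byte step counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, server_time: int, window: int = 0) -> bool:
    """Check a code against the server clock, accepting +/- `window` steps.

    `window` is a hypothetical tolerance for this sketch, not a GravityZone setting.
    """
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):  # constant-time comparison
            return True
    return False


if __name__ == "__main__":
    server_time = 59  # constructed server clock (Unix seconds)
    for skew in (0, 20, 90):  # seconds the device clock runs ahead of the server
        code = totp(SECRET, server_time + skew)
        print(f"skew={skew:>3}s code={code} "
              f"exact={verify(SECRET, code, server_time)} "
              f"window1={verify(SECRET, code, server_time, window=1)}")
```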