Managing two-factor authentication for user accounts
To view the two-authentication status for a specific account, follow the steps below:
Log in to the GravityZoneControl Center with an administrator account.
Go to the Accounts page from the left side menu.
A table is displayed, containing all the user accounts that have been created on your managed companies.
You can view the two-authentication status for each account under the 2FA column.
Tip
You can only view and manage other user accounts from the Accounts page. To revoke browsers, and reset for your own account, go to the Welcome, [username] > My Account page.
To reset 2FA for your account, contact your GravityZone administrator. You cannot reset 2FA for your account by yourself.
Contact your GravityZone administrator also when your device is lost, stolen, or replaced. After reset, you will be able to reconfigure 2FA with your new device.
Change 2FA settings for a specific account
To change 2FA settings for a specific user account, follow the steps below:
While still on the Accounts page, locate the user you wish to edit and click the link under the Full Name column.
Scroll down to the Login Security section.
The following actions are available for two-factor authentication:
Revoke trust for browsers
Use this option to revoke the trust of all browsers on all devices that skip the six-digit code when connecting to Control Center. Follow the steps below:
Enter your GravityZone password under Your GravityZone password*.
Note
This step is not required for users who use a single sign-on (SSO) to sign in.
Click the Revoke all browsers button.
Select Revoke.
After revoking all browsers, the user need to enter the six-digit code again when connecting to Control Center. Users who previously enabled the Trust this browser option on the GravityZone login page have to enter the authentication code again.
Reset user's two-factor authentication
Use this option when users have changed or wiped the devices that hosted the authenticator, and they lost the secret key. Follow the steps below:
Enter your GravityZone password under Your GravityZone password*.
Note
This step is not required for users who use a single sign-on (SSO) to sign in.
Click the Reset 2FA button.
Select Reset.
After resetting 2FA, a configuration window will prompt the user at login to configure again the two-factor authentication with a new secret key. For details on how to enable 2FA, refer to Connecting to Control Center.
Check 2FA related user activity
To check the 2FA changes related to user accounts, access the Accounts > User Activity page and filter the activity logs using the following filters:
Area: Accounts/Company
Action: Edited
For information about 2FA on your account, refer to Manage your account.
Important
The authentication app of choice (Google Authenticator, Microsoft Authenticator, or any two-factor TOTP (Time-Based One-Time Password Algorithm) authenticator - compatible with the standard RFC6238 combines the secret key with the device’s current timestamp to generate the six-digit code.
Be aware that the time-stamps on both device and the GravityZone appliance have to match for the six-digit code to be valid. To avoid any time-stamps synchronization issue, we recommend enabling the automatic date and time setting on the device.
Video
Watch a full video tutorial on the topic here: