For an added layer of security, you can make multi-factor authentication (MFA) mandatory for all users in your account.
MFA, sometimes referred to as two-factor authentication or 2FA, is a two-step verification process that is focused on helping secure access to the user's account. It's easy to set up MFA. To sign in, all the user will need is access to their mobile phone.
- You must have Administrator level access to turn on this setting.
- You can review the list under Account > Users to check which users have already enabled MFA prior to making it a policy. If an MFA padlock icon is open, it means the user hasn't set up their MFA yet.
- Click Account from the top navigation bar.
- Click Settings from the sidebar.
- Click the Authentication tab.
- Check the Require MFA for access to this account box.
- Click Save.
Once you make this change, anyone who has MFA disabled will be prompted to set up MFA as soon as they try to sign in.
If you turn off enforced MFA later, this does not turn off MFA for users that have already set it up.
How does SSO and enforced MFA work together?
You can have both single-sign on (SSO) and enforced MFA turned on in your IT Glue account, plus set MFA up through your SSO provider. This gives you the highest security for an SSO enabled IT Glue account, by making sure that only users with MFA set up have the ability to sign in.
What happens when someone is locked out?
An Administrator can reset the user's MFA from the Account > Users screen. Find the user's name and click the (pencil icon) on the far right. On the Edit User screen, click the Reset MFA link to immediately reset the user's MFA.
You can find other MFA troubleshooting help in our Troubleshooting MFA sign-in article.