Configuring 2 Step Authentication

What Is 2 Step Authentication?

2 step authentication can be used to help protect your organization from unauthorized access by requiring two methods (authentication factors) to verify users’ identity when logging into your service. 2 step authentication helps protect against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.

What Happens When You Turn On 2 Step Authentication?

Authentication Method: SMS

Once 2 step authentication has been enabled for your organization, whenever a user attempts to log in, they will be prompted to enter both their password and a passcode sent to their mobile number.


When a user has successfully logged in, they will not be prompted to enter another passcode for 12 hours. However, if a user clears their browser cookies, they will be prompted to enter a new passcode upon their next login.

Important: To ensure users can receive a passcode via the SMS authentication method, all in-scope users must have a valid mobile number assigned to their account. In the absence of a valid mobile number, users will be unable to log in if two-step authentication is enabled.
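
A pre-flight check for the requirement above, as an added example that is not part of the product or its documentation: it reads a user export and lists the in-scope users who would be unable to log in once 2 step authentication is enabled. The CSV column names (email, role, mobile), the role value admin, and the E.164-style validity rule are assumptions.

```python
import csv
import io
import re

# Assumption: "valid" means E.164-like (optional "+", then 8-15 digits);
# the product's own validation rules are not stated on this page.
E164_LIKE = re.compile(r"^\+?[1-9]\d{7,14}$")

# Constructed sample export; the column names and role values are hypothetical.
SAMPLE_CSV = """email,role,mobile
alice@example.com,admin,+1 (555) 010-0199
bob@example.com,user,
carol@example.com,admin,n/a
dave@example.com,user,+44 7700 900123
erin@example.com,user,12345
"""


def normalize(mobile):
    """Strip common separators so formatting alone does not fail the check."""
    return re.sub(r"[\s().\-]", "", mobile or "")


def lockout_risk(csv_text, scope="all"):
    """Return (email, reason) for in-scope users who could not receive a passcode.

    scope: "all" mirrors the All users option, "admin" mirrors Admin Only.
    """
    if scope not in ("all", "admin"):
        raise ValueError("scope must be 'all' or 'admin'")
    at_risk = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        role = (row.get("role") or "").strip().lower()
        if scope == "admin" and role != "admin":
            continue  # out of scope: this user is never prompted for a passcode
        number = normalize(row.get("mobile"))
        if not number:
            at_risk.append((row["email"], "no mobile number"))
        elif not E164_LIKE.match(number):
            at_risk.append((row["email"], "malformed mobile number"))
    return at_risk


if __name__ == "__main__":
    for scope in ("admin", "all"):
        print(scope, lockout_risk(SAMPLE_CSV, scope))
```

Run it against the intended scope before turning the setting on, and fix every listed account first, including your own.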

How Do I Enable 2 Step Authentication?

Enable Two-Step Authentication

  1. Navigate to Administration > Account Management > Authentication
  2. Click Manage 2 Step Authentication
  3. Click the toggle to enable 2 Step Authentication
  4. Choose the users that you want to include in 2 step authentication scope:
    All users – All users within the organization will need to enter a passcode upon logging in.
    Admin Only – Only Admin users within the organization will need to enter a passcode upon logging in.
  5. Click Save
  6. Click Confirm on the Update summary.

How Do I Disable 2 Step Authentication?

Disable Two-Step Authentication

  1. Navigate to Administration > Account Management > Authentication
  2. Click Manage 2 Step Authentication
  3. Click the toggle to disable 2 Step Authentication
  4. Click Save
  5. Click Confirm on the Update summary.

FAQ

How will I know if two-step authentication is enabled or disabled?
Navigate to Administration > Account Management > Authentication and check the status of the setting in the 2 step authentication section – Enabled (Green) or Disabled (Grey).

Will I receive any notifications if two-step authentication settings have changed?
Yes, upon changing the status or scope of 2 step authentication, an email will be sent to the organization tech contact informing them of the change.

How can I update a user’s phone number to use the SMS authentication factor?
Locate the user then navigate to Profile Page > Mobile Number.

Will a user’s mobile numbers sync over Active Directory or Azure Directory sync?
Yes, we sync both Active Directory and Azure Directory mobile number fields.

Will CSV Import support the ability to add a mobile number?
Yes, we’ve extended CSV Import to include a new mobile number field.

Do all my users need a valid phone number to log in if 2 step authentication is enabled?
Yes, please ensure all in-scope user accounts (including your own) have a valid mobile number. Users without a valid mobile number will not receive a one-time passcode and will be unable to log in.

If I have an account on multiple sites, will I be prompted to enter a passcode for each account?
To ensure a greater security posture across all sites, if you have multiple accounts, you will be required to enter a passcode when logging in, per account, per site.  Upon successful login, you will not be prompted to enter another passcode for 12 hours.

Can I reset my password when 2 step authentication is turned on?
Yes, users can use the existing reset password functionality to reset their password over email. If 2 step authentication is enabled with SMS as the authentication method, users will not have the option to reset their password via SMS.