10
Two factor Authentication for admin
Question asked by rishikesh Somshetti - 5/18/2021 at 10:51 AM
Answered
Two-factor Authentication is a good feature added in SmarterMail but we do not see it being added for admin users. Also, the admin login IP restriction which was available in SmarterMail 15.x is missing in SmarterMail 17.x. What additional mechanism SmarterMail 17.x has to protect these important accounts?

Regards,

Regards,
 
Rishikesh Somshetti

NetGains Technologies Pvt Ltd.,
Website: www.netgainstechnologies.com

12 Replies

Reply to Thread
0
Kyle Kerst Replied
Employee Post Marked As Answer
2FA is not available for system administrators at this time. IP Restriction is still possible, and can be found within the user configuration in Settings>Administrators:
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
7
Netmate Replied
Please add 2FA for system administrators ASAP. Few of our prospective customers rejected SmarterMail due to lack of this feature.
0
Manuel Martins Replied
+1
4
Ionel Aurelian Rau Replied
In fact 2FA should be supported for all web logins, period. We too have this requirement and SmarterMail is the only Internet facing service that still does not fully support it (2FA only works for normal users with non-AD synced accounts). 
Ideally, 2FA should be overhauled to cover all logins (internal and AD accounts, normal and admin users). If anyone else also finds this useful, please also upvote this thread: https://portal.smartertools.com/community/a94026/2-factor-authentication-for-smartermail-with-active-directory-accounts.aspx
4
Netmate Replied
While showing demo of SmarterMail to prospective customers, most of them ask one simple question. Why SmarterMail supports 2FA for simple user accounts, but not for the all powerful System Admin accounts? Sadly, we have no answer to that question.
0
rishikesh Somshetti Replied
We have upgraded SM to the latest SmarterMail Enterprise 100.0.7817.31698 (May 27, 2021). But still cannot see this. We did a fresh installation on another machine the feature is visible there but not on the upgraded SmarterMail.

It will also be a good idea to have a separate URL for admin which will enable us to put additional third-party two-actor authentication if required.

2
Heimir Eidskrem Replied
I have no idea why Smartermail thought it was a good idea to implement 2FA for users but not administrators.
Strange I think and Im not alone in thinking that.

So you will not find what you are looking for in the latest version.
 

3
Ionel Aurelian Rau Replied
Indeed, the whole 2FA should be overhauled.

Also, do not forget that you cannot enable 2FA for Active Directory imported accounts either, so 2FA right now is really limited in scope. Please also upvote this thread: https://portal.smartertools.com/community/a94026/2-factor-authentication-for-smartermail-with-active-directory-accounts.aspx

Hopefully the whole 2FA is redone to cover all SmarterMail logins, regardless of account types.
1
Apilion Replied
Dear Smartermail Team

Yes please, add two-factor authentication for the admin user and let admin username could be change not using default admin but as the customer wanted to be what is it.

Using admin as a username is very easy to guess.

I really need to change this mail server because of there is no option for this and have using it for more than 10 years now :-(

0
Employee Replied
Employee Post
Apilion, you can make another sys admin account with whatever username you desire, set that as the primary sys admin account, then remove the built-in admin account.
0
Emily Ward Replied
Employee Post
Apilion,

In the current build of SmarterMail you can also change the primary admin username just by editing it the primary admin entry in Settings > Administrators. Once you change the username you will need to log out and log back in with the new username.
Emily Ward
Customer Relations and Partner Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Apilion Replied
Hi Emily and Robert

Thanks for your advice, I could change the username for admin.

Cheers

Reply to Thread