2
Is There a Secret to Enabling Two-Step Authentication (2FA)
Question asked by Matthew Mills - 3/15/2022 at 8:10 AM
Answered
I have enabled (not forced) 2FA for one of my domains.  When I log in as a user in that domain and go to settings I have no card for 2FA.

I restarted the SM service (latest version) and have looked everywhere I can think of.

Can anyone suggest what I might be missing (that I am sure is in plain sight)?  I don't think this rises to the level of a support ticket just yet.

5 Replies

Reply to Thread
0
Tony Scholz Replied
Employee Post Marked As Answer
Hello Matthew, 

When setting up 2FA ( Two-Factor Authentication ) you will need to enable it for the domain;


If you impersonate a user this option is not available. 


This can only be set up when logged in as the end user. 


I hope this helps. 

Thank you
Tony
Tony Scholz System/Network Administrator SmarterTools Inc. www.smartertools.com
0
Matthew Mills Replied
Tony,

It's nice to know I didn't miss anything,  But...it's not there.  I did enable 2FA as the admin and then I logged in as the user (myself, not impersonating).  I tried two browsers, but no 2 FA card.

Sooooo...

The account with which I was testing is AD authenticated.  I added 2FA to an SM authenticated account and logged in, and the card was there.  The issue is thus the AD auth.

Should this option be available for AD authentication, or is that not possible?

Thanks,
Matthew
0
Tony Scholz Replied
Employee Post
Hello Matthew, 

You are correct, this option is not currently supported for AD authenticated accounts and will only show up for SmarterMail authenticated accounts. 

Thank you
Tony Scholz System/Network Administrator SmarterTools Inc. www.smartertools.com
0
Matthew Mills Replied
Thank you.  Do you expect that it might make it into AD authenticated accounts in the future?
0
Given that Active Directory is it's own, separate authentication provider I believe you would have to look at products/services that add 2FA/MFA support specifically for AD (AuthLite, UserLock, Duo, etc). Just be sure whatever you are looking at supports MFA login from external sources via LDAP (such as SmarterMail).

Reply to Thread