2FA Turning on and Reporting
Question asked by Kirsten Curry - Today at 3:41 PM
Answered
I’m working on deploying 2FA across our organization and want to confirm my understanding of how it functions in your platform.

From what I can see, it appears that:
  1. We are not able to enforce 2FA organization-wide; instead, we must rely on individual team members to turn it on themselves. Is that correct?
  2. Team members can disable 2FA at any time through their own account settings, without any administrative visibility. Is that accurate?
  3. There does not appear to be any reporting or administrative dashboard that allows us to monitor which users have enabled or disabled 2FA. Can you confirm?
If my understanding is correct, this presents a significant security risk for our organization. Enforceable and auditable 2FA is a standard expectation for business platforms, so I want to ensure I’m not overlooking any capabilities that would allow us to manage or monitor this more effectively.
Andrew Barker Replied
Employee Post Marked As Answer
There is a setting at the domain level to force users to configure 2FA authentication. Look for "Force two-factor authentication" on the General domain settings page, in the User/Alias card. Once this is enabled, users in the domain will be forced to configure 2FA the next time they log into the web interface.

When the domain setting is enabled, users will not be able to disable 2FA once it is configured. An administrator with the necessary privileges can reset the user's 2FA, which will require the user to reconfigure 2FA the next time they log into webmail.

The accounts page is probably the best place to determine which users have configured 2FA. Those who have configured 2FA will have an icon next to their username, as shown in this screenshot:

Andrew Barker Lead Software Developer SmarterTools Inc. www.smartertools.com
Andrew Barker Replied
Employee Post
I forgot that the Password Requirements page, both at the system and domain levels, will show which users have 2FA configured on the Password Age tab. There, the 2FA is a sortable column, so this is probably better than the accounts page for auditing purposes.
Andrew Barker Lead Software Developer SmarterTools Inc. www.smartertools.com
Kirsten Curry Replied
Andrew - Where do I find the General Domain Page? I have looked everywhere and am unable to locate it.
