2-Step Verification (also known as 2FA or 2 Factor Authentication) is a security feature that requires a user to complete 2 steps in order to login. The user must provide a valid password and then use another personal contact method (such as a mobile phone) to verify that they requested access.
Therefore, if a user's password is compromised, anyone else looking to access the account would be blocked (regardless of whether they entered the correct password or not).
On the Password tab (Administrate > Security), you will see the 2-Step Verification section that allows you to set verification options for a selected Organizational Unit or Smart Team.
2-Step Verification can be:
- Organizational Units - Set for the root OU and inherited, or explicitly set for each OU.
- Smart Teams - Set to Enable to apply the policy to all users in the Smart Team, or to Disable to force the user's verification options to be set by the next Smart Team (set to Enable) they are part of, or the Organizational Unit if the user isn't part of any enabled Smart Team.
You can set the following options:
- Apply Signature
- Re-challenge User - Set how often the user will be challenged with 2-Step Verification when accessing CloudM Manage. The options are On each login, Every day, Every week or Every Month.
- Mandatory Enforced From - Set the date from which 2-Step Verification will be mandatory for all users within the Organizational Unit or Smart Team.
- New User Grace Period - Set the amount of time that a new user will not be challenged. The options range from 1 day to 7 days.