Enable/disable two-factor authentication by role

You can enable or disable two-factor authentication at the role level, which overrides any setting you made at the system level.

Warning

Enabling two-factor authentication for a role locks all accounts associated with that role until the users are able to enter an authentication password. Ensure that your users are trained and have an authenticator installed on their phones before enabling two-factor authentication at the role level.

To enable or disable two-factor authentication at the role level:

Click menu > Admin > Users & Roles
In the Roles widget, select the role for which you want to enable or disable two-factor authentication.
Toward the right of the widget, select more_horiz> Advanced.
From the Two-Factor Authentication Required field, select one of the following:
- Default—Two-factor authentication setting for the role’s users is the same as at the site level.
- Required—Role’s users need two-factor authentication to log in.
- Not Required—Role’s users do not need two-factor authentication to log in.
Click Save.

Note

Individual users can enable two-factor authentication even if it is not required at the role level. For details, see Enabling two-factor authentication in your profile.

Previous Topic

Enable/disable two-factor authentication for all users

Next Topic

First login with two-factor authentication