Ask the Community
Groups
Turning on enforced MFA for all users - Connect IT Community | Kaseya
<main> <article class="userContent"> <p>For an added layer of security, you can make multi-factor authentication (MFA) mandatory for all users in your IT Glue account as well as your clients' MyGlue accounts.</p> <p>MFA, sometimes referred to as two-factor authentication or 2FA, is a two-step verification process focused on helping secure access to user accounts.</p> <p>Prerequisites</p> <ul><li>You must have Administrator or Manager-level access to turn on this setting.</li> <li>You can review the list under <strong>Account > Users</strong> to check which users have already enabled MFA prior to making it a policy. If an MFA padlock icon is open, it means the user hasn't set up their MFA yet.</li> <li>All account users must have a cellphone that can run an MFA provider's app. Please see our <a href="https://kaseya.vanillacommunities.com/kb/articles/aliases/itglue/hc/en-us/articles/360004933757-Set-up-multi-factor-authentication-MFA-" rel="noopener nofollow">Setup multi-factor authentication (MFA)</a> KB article for suggestions on compatible apps.</li> </ul><div> <strong>Note:</strong> Keep in mind that if you enforce MFA, then IT Glue Lite users must also enable it to log in.</div> <p>Instructions</p> <p><strong>Enforce MFA for IT Glue</strong></p> <ol><li>Log in to your IT Glue account and navigate to <strong>Account > Settings</strong>.</li> <li>Click the <strong>Authentication</strong> tab and select the <strong>Require MFA for access to this account</strong> checkbox. <p><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/DZL3O5PSQIIU/account-settings-it-glue.png" alt="Account_Settings___IT_Glue.png" class="embedImage-img importedEmbed-img"></img></p> </li> <li>Click <strong>Save</strong>.</li> </ol><p>Next time users log in, they will be prompted to set up MFA if they haven't already. If you disable enforced MFA, it remains enabled for users until they disable it from their account settings.</p> <p style="text-align: center;"><iframe title="vimeo-player" src="https://player.vimeo.com/video/712897441?h=da583409f4" width="800" height="600" frameborder="0" allowfullscreen="allowfullscreen" class="importedEmbed-iframe"></iframe></p> <p> </p> <p><strong>Enforce MFA for MyGlue</strong></p> <p>You can turn on MFA for a MyGlue account when configuring the account, or be editing an existing account. To get started, follow the steps below:</p> <ol><li>Navigate to <strong>Account > MyGlue</strong>. <p><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/TCDVEOVTFCGV/myglue-it-glue.png" alt="MyGlue___IT_Glue.png" class="embedImage-img importedEmbed-img"></img></p> </li> <li>Click the <strong>Action</strong> button and select <strong>Edit</strong> on the organization you want to enforce MFA for. <p><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/UTHL0E6KW2LA/myglue-it-glue-2.png" alt="MyGlue___IT_Glue-2.png" class="embedImage-img importedEmbed-img"></img></p> </li> <li>On the <strong>Edit MyGlue Account</strong> screen, check <strong>Require MFA for access to this MyGlue account</strong> and click <strong>Save</strong>. <p><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/H1L6857C6GS0/edit-account-it-glue-png.png" alt="Edit_Account___IT_Glue_png.png" class="embedImage-img importedEmbed-img"></img></p> </li> </ol><p>Common Questions</p> <div> <div> <div> <p><strong>How do SSO and enforced MFA work together?</strong></p> </div> <div> <p>You can have both single-sign on (SSO) and enforced MFA turned on in your IT Glue account, plus set MFA up through your SSO provider. This gives you the highest security for an SSO enabled IT Glue account, by making sure that only users with MFA set up have the ability to log in.</p> </div> </div> <div> <div> <p><strong>What happens when someone is locked out?</strong></p> </div> <div> <p>An Administrator can reset the user's MFA from the <strong>Account > Users</strong> screen. Find the user's name and click the <img src="https://us.v-cdn.net/6032361/uploads/migrated/9S1WL8UBD1QV/pencil-icon.png" alt="pencil_icon.png" class="embedImage-img importedEmbed-img"></img> (pencil icon) on the far right. On the Edit User screen, click the Reset MFA link to immediately reset the user's MFA.</p> </div> </div> </div> <p>You can find other MFA troubleshooting help in our <a rel="nofollow" href="https://kaseya.vanillacommunities.com/kb/articles/aliases/itglue/hc/en-us/articles/360004935277">Troubleshooting MFA login</a> article.</p> </article> </main>