MFA on by default? Global enforcement of MFA?
E
Eric Buhrendorf
I might not be seeing it but it seems that MFA can't be enforced globally for all users. Why isn't this just on by default?? It's 2022.
Log In
Jason Casuga
Jason Langenauer
When the users accept their invitation (i.e. when they set a password), TimeZest will require them to configure 2FA as part of that process if the "require 2FA for all users" option is set.
E
Eric Buhrendorf
Jason Langenauer: Hey Jason thanks for the note - I see the Email Domain for Auto Sign up in Security & Permissions but I don't want to invite every domain user and I don't see a button or option in the Users section to send invites to approved users.
Further, 2FA can't be enabled for users it seems, unless they log in or are invited first...
The only global 2FA setting is just for admins... this should extend to users too. I'd like to just configure my 2FA globally and then move on knowing security policy is set for all future users.
Jason Langenauer
Hi Eric,
You can require MFA for all users in the "Security and Permissions" section of TimeZest, which will require all users to setup 2FA with their next login or when they accept their invitations.
We don't make it the default option, as our clients are MSPs, and are therefore able to make decisions regarding the tradeoffs between security and ease of use themselves.
Jason
E
Eric Buhrendorf
Jason Langenauer: I only see this available for admin users. I'll keep further comment to myself on the matter of a vendor promoting, or not, standards based security measures.
Jason Langenauer
Hi Eric,
You can require all users to have MFA (and set it up on their next login) in the "Security and Permissions" section of TimeZest.
Jason
E
Eric Buhrendorf
Jason Langenauer: Hey Jason thanks for the response. I see requrie 2fa for all admins - I should be able to require 2fa for all users here globally... I don't want to manage this at the user level!
E
Eric Buhrendorf
Jason Langenauer: Additionally, none of my users have logged in yet and the UI doesn't seem to let me enable or force 2FA yet. Do they need to log in once first before I can enforce 2FA??