Two-factor authentication at the role level

You can enable or disable two-factor authentication at the role level, which overrides any setting you made at the site level.

Caution

Enabling two-factor authentication for a role locks all accounts associated with that role until the users are able to enter an authentication password. Ensure that your users are trained and have an authenticator installed on their phones before enabling two-factor authentication at the role level.

To enable or disable two-factor authentication at the role level:

  1. From the Navigation menu, select Admin > Users & Roles.
  2. In the Roles widget, select the role for which you want to enable or disable two-factor authentication. The Edit Tool Role widget appears.
  3. Under Advanced, from the Two-Factor Authentication Required field, select one of the following:
    • Default—Two-factor authentication setting for the role’s users is the same as at the site level.
    • Required—Role’s users need two-factor authentication to log in.
    • Not Required—Role’s users do not need two-factor authentication to log in.
  4. Click Save.

Note

Individual users can enable two-factor authentication even if it is not required at the role level. For details, see Enabling or disabling two-factor authentication.

See also: