The “Mandatory Two-Factor Authentication” feature allows you to require enabling the Two-Factor Authentication for user groups during the specified time range. If the user doesn’t enable the Two-Factor Authentication on time, the account becomes deactivated and marked with a “Disabled” status.
Note: The “Mandatory Two-Factor Authentication” feature is available only for the Support user role and System Owner with the Global Admin user role.
To view the settings, go to the System Management > Project Settings section, the “Global” tab, and the “Mandatory Two-Factor Authentication” subtab.
To enable this feature, check the “Enable Mandatory 2FA” box, select the time range when the user is required to enable the Two-Factor Authentication from the “Deactivate accounts without 2FA after” (7/14/30/90 days) drop-down field, and select the user groups in the “Affected User Groups” field. By default, the “Buyers”, “Publishers”, and “Employees” groups are selected.
Click the “Save” button to complete the action.
After you enable the “Mandatory Two-factor Authentication” feature, the user from the selected group will see the notification on the screen with the countdown of the remaining time until they will be temporarily blocked. The countdown starts from the moment you have enabled the feature or when the new user is registered in the system (if the feature has been already enabled).
If the user fails to enable the Two-Factor Authentication on time, the account status will be changed from “Active” to “Disabled” and the system cannot be accessed.
Note: Each time you make changes in the “Mandatory Two-Factor Authentication” settings, the expiration calculator for the selected users or user groups is reset.