Multi-Factor Authentication is crucial because it adds an extra layer of security beyond just a password. This is important because the MDM platform manages and controls access to sensitive data and critical applications across all devices in an organization. 

With M-FA, even if a password is compromised, unauthorized access is prevented as a second verification form (like a code is required from the Authenticator application) is required. This reduces the risk of data breaches, and unauthorized device access, and ensures that only authorized users can make changes or access the MDM system, protecting the organization’s mobile environment from potential security threats.

WeGuard integrates with Microsoft Authenticator, Google Authenticator, and Twilio Authentication tools to facilitate secure sign-in and code generation.

While new account admins, group admins, and observers will follow the setup if it is enabled for them, main account admins have the ability to configure multi-factor authentication (MFA) settings.

Procedure to Enable Two-Factor Verification from the WeGuard Enterprise Portal

• Login to the WeGuard Console. 

• Click on Settings (Cog Wheel Icon on the top right corner beside the Name) and select Settings from the Dropdown
  

• Navigate to Security
  

• Click on Enable the Two-Step Verification
  

• On the device Download the Authenticator application scan the QR showing in the WeGuard Console and enter the Key.
  

Users are also provided with 10 recovery codes available on the console, which can be used if the mobile device is unavailable or lost. These recovery codes are valid for single use only. After all 10 codes are used, they can be regenerated by clicking the "regenerate" button. Successful sign-in requires entering these details, and the codes will work for 24 hours if accessed from the same browser and device.

Note: Two-Step Authentication has to be enabled by the Main Account Admin in order to set it up on other users account.

Once that is enabled from the main account, other users will be prompted to configure the Two-Step Authentication when they login with their credentials and they can follow the steps above to configure it.

Result: All the users need to login to their accounts using Password and Multi-Factor Authentication Key provided in Authenticator application.

Procedure to Disable Two-Step Authentication from the WeGuard Enterprise Portal

The main account admin can disable two-step verification for their account and all the Users. However, before they can disable it for themselves, they must first ensure that two-step verification is disabled for all other users if it is currently enabled for them. A pop-up message will prompt the admin to confirm their decision and will inform them that disabling MFA will require reconfiguring it if they choose to enable it again in the future. If MFA is not enabled for other users, the main admin can disable it directly.