Meraki

Community

Enabling multi factor authentication after admins are created

Solved
Pugmiester
Building a reputation
‎Apr 16 2019 6:30 AM
‎Apr 16 2019 6:30 AM

Enabling multi factor authentication after admins are created

Hi all,

 

We are looking to tighten up the security on our existing Meraki organisation by enforcing all admins to have multifactor authentication enabled on their account. What we're not sure about is the impact of enforcing it after the accounts have been created.

We have a number of full organisation admin accounts and all of those with any sort of write permissions have MFA enabled but there are accounts with either organisational read-only or guest ambassador roles that currently don't.

If we throw the switch and enforce MFA under Organization > Settings > Security, does anyone know if that would effectively lock all of the non-MFA enabled users out completely or is there an automated process that relays those users to the MFA setup the first time they try to log back in?

We're just trying to avoid a bunch of help desk calls if we can and an automated process would make that a lot simpler.

1 Accepted Solution
Cmiller
Building a reputation
‎Apr 16 2019 7:54 AM
‎Apr 16 2019 7:54 AM

Been a while since I did this on my orgs but I remember it going smoothly. Once enabled, the next time a user logs into the dashboard it will guide them through setting up 2FA. That user is unable to continue until completed.

See meraki doc:
https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication

View solution in original post

10 Replies 10
Cmiller
Building a reputation
‎Apr 16 2019 7:54 AM
‎Apr 16 2019 7:54 AM

Been a while since I did this on my orgs but I remember it going smoothly. Once enabled, the next time a user logs into the dashboard it will guide them through setting up 2FA. That user is unable to continue until completed.

See meraki doc:
https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication
In response to Cmiller
Pugmiester
Building a reputation
‎Apr 16 2019 7:59 AM
‎Apr 16 2019 7:59 AM

Hi @Cmiller, that's what I was hoping for. We have a reasonable number of guest ambassadors as we have 25+ networks with local ambassadors managing the guests so it's a decent sized update for them all but if it's a guided process it will make things a bit simpler.
In response to Pugmiester
Cmiller
Building a reputation
‎Apr 16 2019 8:04 AM
‎Apr 16 2019 8:04 AM

It was guided, and in this era of constant leaks and hacks 2FA is a must. You can choose to setup 2FA on your account and "demo" what the guided setup will look like for your users = Click your username in the top right > My Profile > scroll to the Two-Factor authentication section.

Good luck with the conversion and remember to save those one time codes in a safe place (I use and love 1Password)
In response to Cmiller
stockster
Here to help
‎Apr 17 2019 2:00 AM
‎Apr 17 2019 2:00 AM

I assume if the password currently set does not comply with the new rules, it would instruct the user to change it accordingly as well?

 

Regards,

 

stockster

0 Kudos
In response to stockster
Cmiller
Building a reputation
‎Apr 17 2019 6:01 AM
‎Apr 17 2019 6:01 AM

correct
BrechtSchamp
Kind of a big deal
‎Apr 16 2019 8:00 AM
‎Apr 16 2019 8:00 AM

When you enable it, the next time an admin logs in they will see the following page:

2019-04-16 16_43_08-Window.png

If SMS auth doesn't work in your country you can click on the offline access links in the green box and you will be brought to 2FA using an authenticator AP:

2019-04-16 16_47_23-Window.png

 

They can't login before they set it up.

In response to BrechtSchamp
Pugmiester
Building a reputation
‎Apr 16 2019 8:03 AM
‎Apr 16 2019 8:03 AM

Hi @BrechtSchamp, that's great. Sounds like this shouldn't be a big a headache, just plenty of warning for the affected users and some hand holding to make sure the less technical staff (guest ambassadors) have an authentication app ready to go.
0 Kudos
In response to BrechtSchamp
Cmiller
Building a reputation
‎Apr 16 2019 8:05 AM
‎Apr 16 2019 8:05 AM

@BrechtSchamp  I knew someone would have some sexy screenshots. Thanks for sharing those sir

0 Kudos
In response to Cmiller
BrechtSchamp
Kind of a big deal
‎Apr 16 2019 8:07 AM
‎Apr 16 2019 8:07 AM

Well I didn't have them, but I thought I'd just test it out and take them.

 

(Trying not to lock myself out in the process, hence the delay in my response.)

In response to BrechtSchamp
MerakiNomads
Conversationalist
‎Apr 16 2019 10:22 AM
‎Apr 16 2019 10:22 AM

Thanks, this helps a lot.
Stacy
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.