We are looking to tighten up the security on our existing Meraki organisation by enforcing all admins to have multifactor authentication enabled on their account. What we're not sure about is the impact of enforcing it after the accounts have been created.
We have a number of full organisation admin accounts and all of those with any sort of write permissions have MFA enabled but there are accounts with either organisational read-only or guest ambassador roles that currently don't.
If we throw the switch and enforce MFA under Organization > Settings > Security, does anyone know if that would effectively lock all of the non-MFA enabled users out completely or is there an automated process that relays those users to the MFA setup the first time they try to log back in?
We're just trying to avoid a bunch of help desk calls if we can and an automated process would make that a lot simpler.
Solved! Go to Solution.
When you enable it, the next time an admin logs in they will see the following page:
If SMS auth doesn't work in your country you can click on the offline access links in the green box and you will be brought to 2FA using an authenticator AP:
They can't login before they set it up.
@BrechtSchamp I knew someone would have some sexy screenshots. Thanks for sharing those sir
Well I didn't have them, but I thought I'd just test it out and take them.
(Trying not to lock myself out in the process, hence the delay in my response.)
I assume if the password currently set does not comply with the new rules, it would instruct the user to change it accordingly as well?