cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Enabling multi factor authentication after admins are created

SOLVED
Getting noticed

Enabling multi factor authentication after admins are created

Hi all,

 

We are looking to tighten up the security on our existing Meraki organisation by enforcing all admins to have multifactor authentication enabled on their account. What we're not sure about is the impact of enforcing it after the accounts have been created.

We have a number of full organisation admin accounts and all of those with any sort of write permissions have MFA enabled but there are accounts with either organisational read-only or guest ambassador roles that currently don't.

If we throw the switch and enforce MFA under Organization > Settings > Security, does anyone know if that would effectively lock all of the non-MFA enabled users out completely or is there an automated process that relays those users to the MFA setup the first time they try to log back in?

We're just trying to avoid a bunch of help desk calls if we can and an automated process would make that a lot simpler.

1 ACCEPTED SOLUTION

Accepted Solutions
Building a reputation

Re: Enabling multi factor authentication after admins are created

Been a while since I did this on my orgs but I remember it going smoothly. Once enabled, the next time a user logs into the dashboard it will guide them through setting up 2FA. That user is unable to continue until completed.

See meraki doc:
https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication

View solution in original post

10 REPLIES 10
Building a reputation

Re: Enabling multi factor authentication after admins are created

Been a while since I did this on my orgs but I remember it going smoothly. Once enabled, the next time a user logs into the dashboard it will guide them through setting up 2FA. That user is unable to continue until completed.

See meraki doc:
https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication

View solution in original post

Getting noticed

Re: Enabling multi factor authentication after admins are created

Hi @Cmiller, that's what I was hoping for. We have a reasonable number of guest ambassadors as we have 25+ networks with local ambassadors managing the guests so it's a decent sized update for them all but if it's a guided process it will make things a bit simpler.
Building a reputation

Re: Enabling multi factor authentication after admins are created

It was guided, and in this era of constant leaks and hacks 2FA is a must. You can choose to setup 2FA on your account and "demo" what the guided setup will look like for your users = Click your username in the top right > My Profile > scroll to the Two-Factor authentication section.

Good luck with the conversion and remember to save those one time codes in a safe place (I use and love 1Password)
Highlighted
Here to help

Re: Enabling multi factor authentication after admins are created

I assume if the password currently set does not comply with the new rules, it would instruct the user to change it accordingly as well?

 

Regards,

 

stockster

Building a reputation

Re: Enabling multi factor authentication after admins are created

correct
Kind of a big deal

Re: Enabling multi factor authentication after admins are created

When you enable it, the next time an admin logs in they will see the following page:

2019-04-16 16_43_08-Window.png

If SMS auth doesn't work in your country you can click on the offline access links in the green box and you will be brought to 2FA using an authenticator AP:

2019-04-16 16_47_23-Window.png

 

They can't login before they set it up.

Getting noticed

Re: Enabling multi factor authentication after admins are created

Hi @BrechtSchamp, that's great. Sounds like this shouldn't be a big a headache, just plenty of warning for the affected users and some hand holding to make sure the less technical staff (guest ambassadors) have an authentication app ready to go.
Building a reputation

Re: Enabling multi factor authentication after admins are created

@BrechtSchamp  I knew someone would have some sexy screenshots. Thanks for sharing those sir

Kind of a big deal

Re: Enabling multi factor authentication after admins are created

Well I didn't have them, but I thought I'd just test it out and take them.

 

(Trying not to lock myself out in the process, hence the delay in my response.)

Conversationalist

Re: Enabling multi factor authentication after admins are created

Thanks, this helps a lot.
Stacy
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.