cancel
Showing results for 
Search instead for 
Did you mean: 

MFA for Administrators

SOLVED
Highlighted
Getting noticed

MFA for Administrators

Why cant you have another organization Administrator reset this?/ It seems a little overkill to have to create a case just for a new phone number or lost device. 

 

Thoughts?

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Getting noticed

Re: MFA for Administrators

@SoCalRacer Yeah I actually use DUO auth so it's not bad I just had a coworker have to factory reset his phone and the below happened. 

 

"Google Auth App won't restore my settings " I look at the documentation for 2 minutes. Proceed to delete and readd admin

 

Told him to Use  SMS or DUO as we have an enterprise Duo and it saves all your settings

 

 

 

I'm all for security and that internal disgruntled worker makes sense. But even DUO doesn't require that for a forgotten device, hence my conundrum for this notarized security! 

3 REPLIES 3
Head in the Cloud

Re: MFA for Administrators

Please note SMS auth is considered beta

 

Process to reset is outlined here.

https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication#Reco...

 

I would say the general position is that losing devices isn't a regular thing. Allowing any admin to reset a 2FA could cause a security issue in that if the admin was a disgruntled employee then they could reset all the 2FA and it would break logins for everyone. They then could cause havoc. Essentially this process allows User, Admin, and Support to ok the change. Security is a pain, but required. My suggestion would be use a device you won't lose using Google Authenticator instead of SMS.

Getting noticed

Re: MFA for Administrators

@SoCalRacer Yeah I actually use DUO auth so it's not bad I just had a coworker have to factory reset his phone and the below happened. 

 

"Google Auth App won't restore my settings " I look at the documentation for 2 minutes. Proceed to delete and readd admin

 

Told him to Use  SMS or DUO as we have an enterprise Duo and it saves all your settings

 

 

 

I'm all for security and that internal disgruntled worker makes sense. But even DUO doesn't require that for a forgotten device, hence my conundrum for this notarized security! 

Kind of a big deal

Re: MFA for Administrators

We have all of our admin accounts across most services using MFA / 2FA. We do also have a backup account just in case without this enabled, the last thing I want is to be locked out becuase I am not recieving the notification.

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.