This is a step-by-step guide to customizing and enrolling MFA for end users.
Configuration Steps
To enable 2FA/MFA for VPN end users, go to 2-Factor Authentication >> 2FA for end users.
Select the default Two-Factor authentication method for end users. You can choose which particular 2FA methods you want to show on the end-user dashboard.
Once done with the settings, click on Save to configure your 2FA settings.
MFA Enrollment Steps
Once the users are imported, follow the steps below to enroll 2FA for users.
Click on the Settings icon in the top right corner.
Select the Security tab, and under it select Login & Logout.
Click on the option Enforce users to set up their 2FA Method on First Login to enable it.
Click on Save to save the settings.
The end user logs in to their End-User Dashboard using the end-user login URL.
For Cloud Version: The Login URL for end users will be available after setting up the Organization name.
(You can follow these steps and use the login URL present in the Branding section.)
For On-Premise version: The Login URL will be the same as the Admin Login URL.
After logging in with the correct credentials for the first time, the end user is prompted to set up their 2FA method.
Configure any 2FA method that you want. You can explore the guide to set up 2FA methods here.
After successfully configuring the 2FA, the end user is prompted to set up Security Questions as the alternate MFA method.
Configure the Security Questions and click on Save.
To prevent the end users from configuring Security Questions as the alternate MFA method, select the Settings icon in the top right corner.
Click on the Users tab, and under it select User Onboarding.
Click on the option Skip Alternate Login Method (KBA) Configuration during Inline Registration to enable it.
Click on Save.
Send Mail for MFA Activation
If you are using Google Authenticator, Microsoft Authenticator or Authy Authenticator as the MFA method, you have the option of sending the users emails containing the authenticator QR codes so that they can configure their MFA.
To enable sending MFA Activation mails to the users, go to 2-Factor Authentication >> 2FA for end users.
Select the default Two-Factor authentication method for end users.
Go to Send Email for MFA Activation.
Enable the toggle button and select the authenticator type.
Click on Save.
You can click here to customize the email template that is sent to the user.
Now, whenever users are added or onboarded, they automatically receive the MFA Activation email.
Manually Send MFA Activation Emails to Users
Go to Users >> User List.
Select the users, and from the Select Action dropdown click on Send Mail for MFA Activation.
A pop-up opens displaying the selected users.
Select the TOTP Authenticator type from the Select Authenticator Type dropdown.