Enable/disable two-factor authentication by role
You can enable or disable two-factor authentication at the role level, which overrides any setting you made at the system level.
Warning
Enabling two-factor authentication for a role locks all accounts associated with that role until the users are able to enter an authentication password. Ensure that your users are trained and have an authenticator installed on their phones before enabling two-factor authentication at the role level.
To enable or disable two-factor authentication at the role level:
- Click > Admin > Users & Roles.
- In the Roles widget, select the role for which you want to enable or disable two-factor authentication.
- Toward the right of the widget, select > Advanced.
- From the Two-Factor Authentication Required field, select one of the following:
  - Default—Two-factor authentication setting for the role’s users is the same as at the site level.
  - Required—Role’s users need two-factor authentication to log in.
  - Not Required—Role’s users do not need two-factor authentication to log in.
- Click Save.
Note
Individual users can enable two-factor authentication even if it is not required at the role level. For details, see Enabling two-factor authentication in your profile.