Forcing two-factor authentication for client users

  • 6
  • Idea
  • Updated 2 months ago

Is there a possibility that the 2-factor authentication would become a settings that could be forced for external client users access company data share? I know that there is article specifically saying that this isn't possible, but I really cannot figure out why that is as it would be in part be a key component securing the platform.

I know there would be also options to force all use SSO, but the that requires all users to have access to the SSO system and that is not great when thinking about external users.

I would hope a change as such would be something that could be implemented to the platform as there is definite customer request for it.
Photo of Antti Lakanen

Antti Lakanen

  • 1 Post
  • 0 Reply Likes

Posted 4 months ago

  • 6
Photo of Adam B

Adam B

  • 4 Posts
  • 1 Reply Like

Please expedite the implementation of enforced two factor authentication for clients.

For added flexibility (phase 2 if not sooner?), I'd like to suggest that when the two factor requirement for clients and employees feature is implemented, it should be assignable via a ShareFile policy that can be assigned to a group.  That way, if there is a particular group that for whatever reason doesn't require two factor authentication, it doesn't have to be applied to everyone login on the entire account. I also highly recommend implementing alternate versions of two factor authentication other than SMS and voice.  For example, Google Authenticator is considered more secure since SMS can be intercepted.

Please raise the priority on this request!

Thank you!