Forcing two-factor authentication for client users

  • 10
  • Idea
  • Updated 3 months ago

Is there a possibility that 2-factor authentication could become a setting that could be forced for external client users accessing company data shares? I know that there is an article specifically saying that this isn't possible, but I really cannot figure out why that is, as it would in part be a key component of securing the platform.

I know there would also be options to force all to use SSO, but that requires all users to have access to the SSO system, and that is not great when thinking about external users.

I would hope such a change would be something that could be implemented in the platform, as there is definite customer request for it.

Antti Lakanen


Posted 1 year ago


Adam B


Please expedite the implementation of enforced two factor authentication for clients.

For added flexibility (phase 2 if not sooner?), I'd like to suggest that when the two factor requirement for clients and employees feature is implemented, it should be assignable via a ShareFile policy that can be assigned to a group. That way, if there is a particular group that for whatever reason doesn't require two factor authentication, it doesn't have to be applied to everyone logging in on the entire account. I also highly recommend implementing alternate versions of two factor authentication other than SMS and voice. For example, Google Authenticator is considered more secure since SMS can be intercepted.

Please raise the priority on this request!

Thank you!

Dan M

I concur; as the person responsible for information security in our organization, I cannot believe that I would not have the power to enforce all of our ShareFile users to use two-step verification since that is a security layer that helps to protect our company and client data.

Why should an individual employee have the ability to put our company at greater risk just to make their login process a little easier?

This is especially pertinent if they have already decided to choose a weak password in order to make their login process a little easier on themselves. At that point, having two-step verification in place would be the only working security control in place to protect our company--at least in regards to your product.
Desi


Not only can you not enforce it, but I can't find any way to report on it either other than manually going in to every profile to verify that they have it turned on. Have I just missed it?

Dan - you should be able to set the password parameters to require a secure password, at least.

Dan M

Yeah, this apparently 1 yr old design flaw needs to be addressed for regulatory compliance issues. ShareFile customers required to meet GLBA or HIPAA are going to have a hard time with their regulators when they catch wind of this.

Please Citrix, update the MFA feature set in ShareFile to meet best practice standards.
dungeoncrawl


Or just chime in and tell us if it is on the roadmap and, if so, about when we can expect it. The silence on a highly active entry, on a site that support claims is monitored regularly by product management and developers, is extremely frustrating.