Two-step verification by default for all users & clients

  • Idea
  • Updated 2 months ago
Hi there

Currently the user has to activate the two-step verification on his own. That should be activated by default by an admin so that all users and also clients have to use the feature.

Background: Using the mail encryption feature a client user who receives an encrypted mail can open it without any two-step verification. That's not security.

We currently have an invitation to tender to offer mail encryption for up to 7500 users.

Thanks and best regards
Udo

UdoJ

Posted 1 year ago

Rob Kuipers

I agree with UdoJ, we send links for sensitive data all the time and to make it more secure the two-step verification by default gives us the security we need.

UdoJ

Thanks Rob, perhaps vote upper right also :-)

Adam B

For added flexibility, I'd like to suggest that when the two factor requirement for clients and employees feature is implemented, it should be assignable via a ShareFile policy that can be assigned to a group.  That way, if there is a particular group that for whatever reason doesn't require two factor authentication, it doesn't have to be applied to everyone login on the entire account. I also highly recommend implementing alternate versions of two factor authentication other than SMS and voice.  For example, Google Authenticator is considered more secure since SMS can be intercepted.

Please raise the priority on this request!

Thank you!

BillC

I agree with this 100%.

It is a major security issue in that employees have access to all client data and if they are compromised, so is all of the client data. Clients only have access to their data, so that is not as big a concern.

There is not even a report on which employees have enabled 2FA.

This is now a deal breaker for us, given all the security breaches that have occurred in the world lately.

ShareFile needs to get caught up to the times.

David Birrer

You can get a report via PowerShell about the 2FA per user. Search in this forum and you will find it.

Dan M

David, I agree that PowerShell is a wonderful tool. However, not everyone in IT, and certainly not in InfoSec, is adept at writing PowerShell scripts. Besides, why should customers have to do all of the work when providing customers with a value-add such as basic security and reporting should be the responsibility of every business if they want to stay competitive? I think allowing admins to enforce MFA across the board and to provide them with a dashboard report and email notifications is not too much to ask, especially when so many other services already offer this.

The comment is helpful and informative, I just don't think we should be letting Citrix off the hook here for a year-old basic security request.

BillC

Thanks for the response David. 

Unfortunately, I couldn't find a reference to PowerShell reports for 2FA or Two Factor Authentication.

In any event, this still seems to be a major weakness to the ShareFile framework and they should improve the implementation and reporting on 2FA.

Cindy Morda

I'm going to jump in on this issue also.  Our clients are now requiring us to use two-factor authentication to secure their data.  ShareFile, can you please let us know if we can expect to see the enforcement of two-factor authentication in a future release?  We need to hear from you on this issue.  Thank you!

Pereira

We also activated 2FA, but we have no control over who is using it. I opened a support case and Citrix told me that 2FA for all users is currently on the long-term roadmap, without a timeframe for when this will be implemented. I hope this will come very soon. And the suggestion from Adam to implement 2FA for a group is also a good idea. The actual method, where 2FA is only asked for when using a new machine, is very good. Thank you.

Andrew Colombino

Our firm would like to have this feature too.

It would be nice if we could enable mandatory 2FA and the next time the users log on, they're asked to set it up before continuing.

dungeoncrawl

We need this as well.  

Roberto Pereira

How can we know if Citrix is planning this feature? Is it possible that a Citrix employee writes an update?

Padraig

Agreed - Sharefile could be so much better by implementing maximum security by default (with the ability for superusers to change this if required in particular scenarios). The spirit of GDPR (if not the letter) would demand this.

dungeoncrawl

There really seems to be a lot of chatter regarding this. My understanding from talking to tech support is that this is the very type of thing that should get Product Management's attention and get us on a roadmap. However, it has been a year. Can we get somebody from product mgt or product dev to weigh in on this?

Adam B

Yes, please! Attn Product Manager - can you please provide us some insight here as to whether improved management of 2-factor authentication is coming, and when? This is very important, but Citrix has not been responsive here. Thank you,

B. Fry

As we acquire more and more national contracts, the inability to enforce 2FA/MFA platform (or group) wide is becoming more of a hindrance and preventing us from winning sizeable contracts. Enough that we are considering other services in place of SF. Does anyone know of comparable file sharing services that provide the ability to enforce MFA enterprise wide? This really seems like a no-brainer and shouldn't be all that hard to implement since the foundation is already in place.

dungeoncrawl

Agreed.  It's more about Sharefile 'wanting' to do it and prioritizing it than it is about technical difficulty.    It's a) checking a global variable (call it Require_2FA) and b) if set to "True" remove the option for the customer to disable it (grey it out).  That's a great start.

dungeoncrawl

Does Dropbox for biz have an on-premise solution like Sharefile where files are stored on-premise and not in the Dropbox cloud?

Desi

This is critical. We can enable, but not enforce it. And we also can't report on it! So every month, I have to manually go in to every user account and verify they still have two-factor authentication set up. 

Dan M

I am now seeing there are multiple threads requesting MFA enforcement at an admin level across the ShareFile platform for all users. This is gravely needed if Citrix plans to continue in this space. I can just see the headlines now, "Business sues vendor for not providing reasonably adequate (and requested) security after being sued by customer in data breach". MFA should be the standard for all online systems in 2018. It's not perfect, but it's the starting point we should all be entering the race from now.

I encourage everyone feeling the same way to Vote, post and Like this and related threads. The squeaky wheel....

Don Baham

I certainly hope Citrix gives this the attention it deserves!

Mark Wah, Employee

Hi all,

Thank you for being patient on this request. We have been working in the background on augmenting the existing Two Step Verification capability for admins to have options to make it required or mandatory for groups of user types - employee and clients. We are recruiting customers for implementation and validation. If you are interested, please reach out to me directly. <first name>.<last name> AT citrix.com and reference this forum discussion. 

Thanks,
Mark Wah

Mark Wah, Employee

Hi all,

Thank you to the few who contacted me. We were not able to meet everyone but we have good feedback on the updated capability that we released. Some of you may have seen the ShareFile Web App Release Notes for 18.40 that highlighted the update: https://community.sharefilesupport.com/citrixsharefile/topics/release-notes-sharefile-web-applicatio...

The relevant KB article was also updated: https://support.citrix.com/article/CTX208336 

Thank you for your patience.

Desi

I'm happy that this is released, but unfortunately I haven't been able to make the change yet because I get an Invalid Certificate warning under SAML, even though Enable SAML is set to no. Anyone else encountering this?