Configuring 2 Step Authentication on ProofPoint

Created by Marc Chouinard, Modified on Fri, 26 Nov, 2021 at 4:33 PM by Marc Chouinard

Situation

You want to help protect your organization from unauthorized access by requiring users to enter an additional code when logging in.

Solution

See below for information on:

  • What is 2 Step Authentication?
  • What happens when I turn on 2 Step Authentication?
  • How do I enable 2 Step Authentication?
  • How do I disable 2 Step Authentication?

 

WARNING: If you log on to ProofPoint using Microsoft 365 credentials, DO NOT enable 2 step authentication on ProofPoint. Use the MFA feature provided by Microsoft 365.


What Is 2 Step Authentication?

2 step authentication can be used to help protect your organization from unauthorized access by requiring two methods (authentication factors) to verify users' identity when logging into Proofpoint Essentials. 2 step authentication helps protect against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.

What Happens When You Turn On 2 Step Authentication?

Authentication Method: SMS

Once 2 step authentication has been enabled for your organization, whenever a user attempts to log in, they will be prompted to enter both their password and a passcode sent to their mobile number.


When a user has successfully logged in, they will not be prompted to enter another passcode for 12 hours. However, if a user clears their browser cookies, they will be prompted to enter a new passcode upon their next login.

 

Important: To ensure users can receive a passcode via the SMS authentication method, all in-scope users must have a valid mobile number assigned to their account. In the absence of a valid mobile number, users will be unable to log in if two step authentication is enabled.

How Do I Enable 2 Step Authentication?

Enable Two Step Authentication  

  1. Navigate to Administration > Account Management > Authentication
  2. Click Manage 2 Step Authentication
  3. Click the toggle to enable 2 Step Authentication
  4. Choose the users that you want to include in 2 step authentication scope:
       • All users - All users within the organization will need to enter a passcode upon logging in.
       • Admin Only - Only Admin users within the organization will need to enter a passcode upon logging in.
  5. Click Save
  6. Click Confirm on the Update summary.





How Do I Disable 2 Step Authentication?

Disable Two Step Authentication  


  1. Navigate to Administration > Account Management > Authentication
  2. Click Manage 2 Step Authentication 
  3. Click the toggle to disable 2 Step Authentication  
  4. Click Save 
  5. Click Confirm on the Update summary. 


FAQ

How will I know if two step authentication is enabled or disabled?

Navigate to Administration > Account Management > Authentication and check the status of the setting in the 2 step authentication section - Enabled (Green) or Disabled (Grey).

Will I receive any notifications if two step authentication settings have changed?

Yes, upon changing the status or scope of 2 step authentication, an email will be sent to the organization tech contact informing them of the change.

 

How can I update a user's phone number to use the SMS authentication factor?

Locate the user then navigate to Profile Page > Mobile Number.

 

Will a user's mobile number sync over Active Directory or Azure Directory sync?

Yes, we sync both Active Directory and Azure Directory mobile number fields.

 

Will CSV Import support the ability to add a mobile number?

Yes, we've extended CSV Import to include a new mobile number field.

 

Do all my users need a valid phone number to log in if 2 step authentication is enabled?

Yes, please ensure all in-scope user accounts (including your own) have a valid mobile number. Users without a valid mobile number will not receive a one-time passcode and will be unable to log in.
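
A pre-enable check for the requirement above (and the Important note under the SMS authentication method), as an added example that is not Proofpoint's own code: it reads a user list in CSV form and reports the in-scope users who lack a valid mobile number and would therefore be locked out. The column names, role labels and the number-validity rule are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Assumed column names for a user list; adjust to match your own file.
EMAIL_COL, ROLE_COL, MOBILE_COL = "email", "role", "mobile"

# Assumed validity rule: optional "+", then 8 to 15 digits once spaces,
# dots, dashes and parentheses are stripped (E.164-style length limits).
_SEPARATORS = re.compile(r"[\s().-]")
_NUMBER = re.compile(r"\+?\d{8,15}")


def is_valid_mobile(value):
    """True if the field holds something that looks like a phone number."""
    cleaned = _SEPARATORS.sub("", value or "")
    return bool(_NUMBER.fullmatch(cleaned))


def users_at_risk(csv_text, scope="all"):
    """Return emails of in-scope users with no valid mobile number.

    scope mirrors the two choices in step 4: "all" (All users) or
    "admin" (Admin Only).
    """
    if scope not in ("all", "admin"):
        raise ValueError("scope must be 'all' or 'admin'")
    at_risk = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Assumption: admin roles contain the word "admin" in the role field.
        is_admin = "admin" in (row.get(ROLE_COL) or "").lower()
        in_scope = scope == "all" or is_admin
        if in_scope and not is_valid_mobile(row.get(MOBILE_COL)):
            at_risk.append(row[EMAIL_COL].strip())
    return at_risk


# Constructed sample data, not a real export.
SAMPLE = """email,role,mobile
alice@example.com,Organization Admin,+1 (555) 010-0199
bob@example.com,End User,
carol@example.com,Organization Admin,n/a
dave@example.com,End User,555.010.0142
erin@example.com,End User,12345
"""

if __name__ == "__main__":
    for scope in ("all", "admin"):
        print(scope, users_at_risk(SAMPLE, scope))
```

Run it against the scope you intend to select before clicking the toggle; an empty list means no in-scope account is missing a usable number under the assumed rule.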

 

If I have an account on multiple sites, will I be prompted to enter a passcode for each account?

To ensure a greater security posture across all sites, if you have multiple accounts, you will be required to enter a passcode when logging in, per account, per site.  Upon a successful login, you will not be prompted to enter another passcode for 12 hours.

 

Can I reset my password when 2 step authentication is turned on?

Yes, users can use the existing reset password functionality to reset their password over email. If 2 step authentication is enabled with SMS as the authentication method, users will not have the option to reset their password via SMS.