Configure Multi-Factor Authentication for Administrators

Enable Multi-Factor Authentication

When you enable multi-factor authentication for a realm, it is turned on for all administrators in that realm. You must be a System Administrator to enable multi-factor authentication.

To enable and configure multi-factor authentication settings, navigate to Administration > Multifactor Authentication.

  1. Use the slider to enable multifactor authentication.
  2. Select an authentication method. This is the method by which a verification code will be sent to the administrator, either SMS or Email.

    If you select Email, the configuration is finished, and you can click Save. ATP Cloud will use the email address already entered for each user. If you select SMS, continue to the next step.

    Note:

    A user is locked out of ATP Cloud for 1 hour if 4 verification codes have been sent without any being used (verified) to log in to ATP Cloud.

    Note:

    When you change the authentication method, if any users have been locked out due to too many verification code requests, those users are all automatically unlocked. All counters that track the number of verification codes that have been sent are reset to zero when the authentication method is changed.

  3. Select an Authentication Interval. The options are:
    • Every time user logs in: The user must enter a verification code for every login.

    • Every day: Multi-factor authentication is required every 24 hours. After going through the multi-factor authentication process once, only username and password are required to log in until 24 hours have passed.

    • Every week: Multi-factor authentication is required every 7 days. After going through the multi-factor authentication process once, only username and password are required to log in until 7 days have passed.

    • Month: Multi-factor authentication is required every 30 days. After going through the multi-factor authentication process once, only username and password are required to log in until 30 days have passed.

    Note:

    The user can select a check box on the Verify Identity screen to remember the code for the period of time selected above. If the user does not click the check box, she will have to go through the verification process again no matter what authentication interval is configured.

  4. Click Save.

Verification Codes for Multi-Factor Authentication: SMS

When SMS is set as the authentication method, the first time an administrator attempts to log in to the Juniper ATP Cloud Web UI (enters a username and password), a Verify Identity screen appears. Administrators must enter the following information in the Verify Identity screen:

  • Select the country where the mobile number was issued.

  • Enter their mobile phone number (numbers only, no dashes or other characters)

  • Click the Send Code button. A verification code is sent to the mobile device.

  • Once the code is received by text or email, enter the 8-digit code in the Verification Code field.

  • Click Verify.

Lockout Conditions: If an administrator does not receive the code, she can click the Send Code button again. Note the following security precautions for resending code requests: after sending a code, ATP Cloud waits 60 seconds before it will send another code in response to a new request. Once a user has requested a verification code 4 times without logging in to ATP Cloud, she is permanently locked out. In this case, the user must contact an administrator to remove the lock.

Verification Codes for Multi-Factor Authentication: Email

When Email is set as the authentication method, the first time an administrator attempts to log in to the Juniper ATP Cloud Web UI (by entering a username and password), a Verify Identity screen appears. Users must enter the following information:

  • Enter the 8-digit verification code contained in the email.

  • Click Verify.

If a user does not receive the code, she should check her spam folder. If it’s not there, she can click the Resend Code button. Note the following security precautions for resending code requests: after sending a code, ATP Cloud waits 60 seconds before it will send another code in response to a new request. Once a user has requested a verification code 4 times without logging in to ATP Cloud, she is locked out for 1 hour, meaning a new code cannot be requested for that amount of time.

Note:

When Email is the MFA method, the one hour lockout cannot be cleared. The user must wait the full hour before requesting another verification code.

Unlock a User

An SMS lockout can be removed by a system administrator who is logged into Juniper ATP Cloud.

To remove the lockout:

  1. Navigate to Administration > Users and locate the locked out user.
  2. Select the check box to edit the user.
  3. The User Edit screen shows the MFA Method and Mobile Number. Click the link to Reset mobile number. This removes the lock, allowing the user to step through the Verify Identity screen again, and the code request counter is reset to zero.
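
The resend and lockout rules described on this page (60-second resend wait, lockout after 4 unverified codes, 1-hour email lock versus admin-cleared SMS lock, reset on method change) can be modeled as a small state machine. This is an added illustration, not Juniper code; the class and method names are hypothetical, and it assumes the lock starts when the 4th code is sent and that a successful verification or an expired email lock zeroes the counter.

```python
from dataclasses import dataclass
from typing import Optional

RESEND_WAIT = 60      # seconds ATP Cloud waits before sending another code
MAX_UNVERIFIED = 4    # codes sent without one being verified
EMAIL_LOCK = 3600     # email lockout lasts 1 hour and cannot be cleared

@dataclass
class CodeRequestPolicy:
    """Illustrative model of the per-user code request rules (hypothetical)."""
    method: str                        # "sms" or "email"
    sent: int = 0                      # codes sent since the last reset
    last_sent: Optional[float] = None
    locked_at: Optional[float] = None

    def is_locked(self, now: float) -> bool:
        # Only the email lock expires by itself; the SMS lock needs an admin.
        expired = (self.method == "email" and self.locked_at is not None
                   and now - self.locked_at >= EMAIL_LOCK)
        if expired:
            self._reset()              # assumption: expiry zeroes the counter
        return self.locked_at is not None

    def request_code(self, now: float) -> str:
        if self.is_locked(now):
            return "locked"
        if self.last_sent is not None and now - self.last_sent < RESEND_WAIT:
            return "wait"              # refused requests do not count as sent
        self.sent += 1
        self.last_sent = now
        if self.sent >= MAX_UNVERIFIED:
            self.locked_at = now       # assumption: lock starts at the 4th send
        return "sent"

    def verify(self, now: float) -> bool:
        if self.is_locked(now):
            return False
        self._reset()                  # assumption: a used code clears the count
        return True

    def admin_reset_mobile(self) -> bool:
        # Models "Reset mobile number": clears an SMS lock, never an email lock.
        if self.method == "sms":
            self._reset()
        return self.method == "sms"

    def change_method(self, method: str) -> None:
        self.method = method           # method change unlocks, zeroes counters
        self._reset()

    def _reset(self) -> None:
        self.sent, self.last_sent, self.locked_at = 0, None, None
```

Times are plain seconds supplied by the caller, so the rules can be replayed against any sequence of request timestamps.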