Multi-Factor Authentication (MFA)
To ensure security standards, 8x8 apps now enforce multi-factor authentication (MFA) for all 8x8 administrator accounts.
To be able to log in to an 8x8 admin account, an 8x8 Admin Console admin must enable Multi-Factor Authentication (MFA) first, and only then an 8x8 admin will be able to:
- Log into 8x8 admin accounts by using Multi-Factor Authentication (MFA)
- Change the multi-factor authentication method and get backup codes
Multi-factor authentication adds an extra layer of security to protect your 8x8 user accounts. 8x8 supports different second authentication factors:
- Authenticator apps, such as Google Authenticator, Authy, Okta Verify
- Backup codes
Note: Once the customer administrators opt to make MFA mandatory for their users, they will enable MFA for all users, company wide. It is not possible to enable it for individual users.
To enable MFA:
- In the 8x8 Admin Console go Home > Identity & Security.
- In the Identity & Security page, under 8x8 Authentication, expand Advanced password settings and select Multi-factor authentication for all users toggle On to enable mandatory MFA for all users.
- Slide the cursor to set up the wanted frequency.
- Click Save.
All users will now be required to configure a second factor during the next login.
Note: This configuration only applies to logins using the 8x8 Authentication. Users logging in with organizational credentials via Single Sign-on Integration (e.g, Okta, AzureAD) are not prompted for 8x8 multi-factor.
To find more details and how this configuration works, read here.
After the MFA was enabled, during the first login, admins have to configure their second factor before logging into their 8x8 admin accounts.
To log in to your 8x8 admin account:
- Navigate to the login page and enter your 8x8 admin credentials and click Login.
After the MFA is enabled, during the first login, configure the two-factor authentication for your admin account. Choose one of the available option: Authenticator apps, SMS, E-mail, Backup codes, and click Continue.
- Enter the verification code and click Verify. Once configured, users are logged in as normal.
- Optinaly: During the subsequent login, users can choose to not be prompted for the second factor on the same device for 90 days.
- If you are using a different browser, clearing browser cookies, or using incognito mode you have to authenticate by MFA even if the box was checked.
- If you choose to use the Authenticator app, during the subsequent login, a QR code displays and you can install Google Authenticator on your mobile device to generate the time-based one-time password protocol.
If you want to use other MFA method:
- From the Application Panel (apps.8x8.com), on the upper-right corner, click User Profile menu and click Settings .
In the Multi-factor authentication settings window, you can add/change/remove authentication methods.
Important! Once an administrator enables the MFA method, users must have at least one method enabled at all times.
- Once you set up your MFA method(s) you want to use to log in to your 8x8, close the window and go back to the Application Panel (apps.8x8.com) and select 8x8 Admin Console. Now, you can use any MFA method you set up to log in to your admin account.
- To ensure continued access, even in the event that a user loses access to their second factor, it is recommended that users get backup codes and store them somewhere secure. These one-time-use codes can be entered during the login flow in place of SMS, E-mail, or Authentication App. To enable these, click + Add another and choose Backup Codes.
- Once you set up your MFA method(s) you want to use to log in to your 8x8, close the window and go back to the Application Panel (apps.8x8.com) and click the 8x8 Admin Console app. Now, you can use any MFA method you set up to log in to your admin account. To find more details and how this configuration is work,, read Log into 8x8 admin account by using MFA
- To ensure continued access, even in the event that a user loses access to their second factor, it is recommended that users get Backup Codes and store them somewhere secure. These one-time-use codes can be entered during the login flow in place of SMS, E-mail, or Authentication App. To enable these, go to the Multi-factor authentication settings window, and click + Add another > Backup Codes.