In order to enable 2-step login verifications for your users, navigate to the Security tab within Enterprise Settings. In the Signup and Login section, check the box next to the "Login verification" label.
Please note that if Single Sign On (SSO) is enabled for your account, you will not be able to turn on 2-step login verification.
Once you enable 2-step verification for logins, your users must log in through the web app to set up the association with their mobile phone. Without first logging into their account through the web app, they will not be able to access Box through any mobile device.
If your user loses his phone or for some other reason cannot access the confirmation codes sent to his mobile device, you have the ability to exempt this user from the 2-Step Login Verification requirement. An exempted user would be able to log in successfully with only his Box password. In order to exempt a user, navigate to the appropriate user under "Managed Users". In the Edit User Access permissions section, check the box next to the "Login verification" label.