You can enable or disable 2-step login verification en masse for all of your organization's Box accountholders. You can enable or disable 2-step login verification for all of your organization's external collaborators, or just for specific external collaborators based on their domains.
To enable 2-step login verification for your Box accountholders
- Navigate to Admin Console > Enterprise Settings > Security tab.
- In the 2-Step Login Verification section, check Require all managed uses to have additional verification for unreconized logins.
- At the top of the page, click Save.
Note
When you enable 2-step verification for logins, people must log in again through the Web app to set up the association with their mobile phone. If they do not first log into their account through the Web app, they can't use any mobile device to access Box.
If Single Sign On (SSO) is enabled for your account, you will not be able to turn on 2-step login verification. Navigate to Admin Console > Enterprise Settings > User Settings tab to access single sign-on settings.
Note
When you enable and save this setting, Box sends email notifications to all of your existing managed users, alerting them to log in and complete the setup of 2-step verification for their account
If someone loses their phone or for some other reason cannot access the confirmation codes sent to their mobile device, you can exempt this individual from the 2-Step login verification requirement. Someone who's exempted is able to log in successfully with only their Box password.
To enable (or exempt) 2-step login verification for all your external collaborators
- Navigate to Admin Console > Enterprise Settings > Security tab.
- In the 2-Step Login Verification section, click Edit Configuration.
- When the 2-Step verification for External Collaborators window opens, click Enable for all external collaborators.
- To exempt all external collaborators from 2-step verification, click Disabled.
- At the top of the page, click Save.
To enable specific external collaborators for or exclude them from 2-Step login verification
- Navigate to Admin Console > Enterprise Settings > Security tab
- In the 2-Step Login Verification section click Edit Configuration.
- When the 2-Step verification for External Collaborators window opens, do one of the following:
- click Enable only for select domains or users
- click Enable for all external collaborators except for select domains or users.
- In the Domains or Email Addresses box, type in the domains or individuals you want specifically to enable or exclude.
- For your settings to take effect immediately, retain the default setting of Enforce immediately.
- To delay implementing your settings, click Enforce on a future date and send notification warnings to existing affected users. Then click the Enforcement date box and select the date you want your settings to take effect.
- The system alerts anyone wose login process will change as a result of your setting.
- At the top of the page, click Save.