This article provides further information on the use of Multi-factor authentication with Enterprise Console.
Applies from the following Sophos product(s) and version(s) Enterprise Console 5.5.2
Multi-factor authentication is introduced in Sophos Enterprise Console 5.5.2 and can be enabled and devices enrolled by clicking on Tools | Manage multi-factor authentication.
To enroll a device you must use an application that supports the SHA256 algorithm, such as Sophos Intercept X for Mobile. This can be done by scanning the QR code or by manually entering the Key provided.
You can see the algorithm details and the required Key by clicking on Show algorithm details on the Register your device window.
When performing the enrollment you must ensure the time on the Enterprise Console server is synchronized with the time on your authentication device. Even a minute difference could be enough to invalid the code. Under such circumstances the following error will appear:
Note: This does not affect timezone differences between the Enterprise Console and your authentication device.
Once enabled and enrolled you will need to authenticate to perform the following:
Access to enable/disable multi-factor authentication can be managed by the Multi-factor authentication right under Manage Roles and Sub-Estates. Only accounts with this right can enable or disable multi-factor authentication for all accounts and manage all Sophos Console Administrator accounts listed under Multi-factor authentication administration.
Further information on how to set this up, enroll and the Sophos recommendations can be found in the Enterprise Console Help.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.