When you enable this setting, affected users in your organization have to use a time-based, one-time password (TOTP) authenticator app, such as Duo, Windows Authenticator, or Google Authenticator. The authenticator app provides a TOTP token for users to authenticate themselves to Webex.

If a user gets a new mobile device or needs to reset the authenticator, have them reset their Webex account password so they can reenroll with the authenticator app.

We highly recommend that you use Duo since it's free for both iOS and Android.

Before you begin

Inform affected users that you're going to enable MFA for them, and when and how they should enroll and use the authenticator by:

  • Telling users where to find the app, and that they need to download and install it to prepare for when you enable MFA.

  • Providing users with instructions on how to enroll. For example:

    • Run Webex App and provide your email address and password as usual. When you click next, Webex App shows you a QR code.

    • Open your authenticator app and add a new account.

    • Point your phone's camera at the QR code when prompted. This links the new authenticator account with your Webex identity.

    • Click Next on the Webex QR code screen.

    • Generate a new code with the authenticator app.

    • Enter the code into the Webex sign-in screen, and click Submit.

  • Reminding users when you're going to enable MFA.

1

Sign in to Control Hub.

2

Go to Management > Organization Settings and scroll down to the Multi-Factor Authentication section.

3

Turn on Allow Multi-Factor Authentication.

The MFA settings apply only to users and administrators within your organization. External users or administrators don’t follow your organization's MFA settings. These external users follow the MFA policies and sign-in processes of their own organizations.

4

Select from the following settings:

  • Allow users to configure their own MFA settings—Select this to allow users to manage their MFA settings from their profile page. You can override these settings by resetting the user's password.

  • Require mandatory MFA for selected apps—Select this to make MFA mandatory for users who access the applications indicated below. When selected, each application listed under the App name heading below can be selected for mandatory MFA by turning on Allow MFA. Users must use MFA when accessing selected applications, while other applications can be accessed using just a password.

  • Enforce mandatory MFA for your organization—Select this to make MFA mandatory for all users across all applications. When selected, users are unable to modify MFA settings from their profile page.

Regardless of the setting chosen above, users must enroll with the authenticator app the next time they sign in to Webex.

You can also configure MFA for organizations using multiple IdPs within your organization in Control Hub. For more information, see SSO with multiple IdPs in Webex.

Users stay signed in if they're already authenticated and using a valid OAuth token to remain signed in. They're asked to enroll when they have to sign in again.

Reset multi-factor authentication for an individual user

You can reset MFA for a user when they have lost their MFA token or so they can set up a new multi-factor authenticator.
1

Sign in to Control Hub.

2

Go to Users and select the user you want to reset.

3

Scroll down to Security and select Reset MFA.

The user receives an email alerting them to the MFA reset.