When you enable this setting, affected users in your organization will have to use a time-based, one-time password (TOTP) authenticator app, such as Duo, Windows Authenticator, or Google Authenticator. The authenticator app provides a TOTP token for users to authenticate themselves to Webex.

If a user gets a new mobile device or needs to reset the authenticator, have them reset their Webex account password so they can re-enroll with the authenticator app.


 

We highly recommend that you use Duo since it's free for both iOS and Android.

Before you begin

Inform affected users that you're going to enable MFA for them, and when and how they should enroll and use the authenticator by:

  • Telling users where to find the app, and that they need to download and install it to prepare for when you enable MFA.

  • Providing users with instructions on how to enroll. For example:

    • Run Webex App and provide email address and password as usual. When you click next, Webex App shows you a QR code.

    • Open your authenticator app and add a new account.

    • Point your phone's camera at the QR code when prompted. This links the new authenticator account with your Webex identity.

    • Click Next on the Webex QR code screen.

    • Generate a new code with the authenticator app.

    • Enter the code into the Webex sign-in screen, and click Submit.

  • Reminding users when you're going to enable MFA.


 

If your organization has single-sign on (SSO) enabled, then the MFA setting isn’t supported.

1

From the customer view in https://admin.webex.com, go to Management > Organization Settings and scroll down to the Authentication section.

2

Toggle the switch under Multi-Factor Authentication to on.

3

Select from the following settings:

  • Allow MFA per user: Toggle this switch to on to allow individual users to enable MFA from their profile page.

  • Allow mandatory MFA for selected applications: Toggle this switch to on to make MFA mandatory for users who access the applications indicted below. When this switch is on, each application listed under the App name heading below can be selected for mandatory MFA by toggling the Allow MFA setting to on.

  • Allow mandatory MFA for organization: Toggle this switch to on to make MFA mandatory for all users for all applications. Users cannot control MFA settings from their profile page.

Regardless of the setting chosen above, users must enroll with the authenticator app the next time they sign in to Webex.

 

If a user is already authenticated and using a valid OAuth token to remain signed in, then they'll stay signed in. They're asked to enroll when they have to sign in again.