If you want to add an extra layer of security for users in your organization, you can enable multi-factor authentication (MFA) in Control Hub. Users then have to enter codes from an authenticator app on their mobile devices to sign in to Webex.
When you enable this setting, affected users in your organization will have to use a time-based, one-time password (TOTP) authenticator app, such as Duo, Windows Authenticator, or Google Authenticator. The authenticator app provides a TOTP token for users to authenticate themselves to Webex.
If a user gets a new mobile device or needs to reset the authenticator, have them reset their Webex account password so they can re-enroll with the authenticator app.
We highly recommend that you use Duo since it's free for both iOS and Android. |
Before you begin
Telling users where to find the app, and that they need to download and install it to prepare for when you enable MFA.
Providing users with instructions on how to enroll. For example:
Run Webex App and provide email address and password as usual. When you click next, Webex App shows you a QR code.
Open your authenticator app and add a new account.
Point your phone's camera at the QR code when prompted. This links the new authenticator account with your Webex identity.
Click Next on the Webex QR code screen.
Generate a new code with the authenticator app.
Enter the code into the Webex sign-in screen, and click Submit.
Reminding users when you're going to enable MFA.
If your organization has single-sign on (SSO) enabled, then the MFA setting isn’t supported. |
1 | From the customer view in https://admin.webex.com, go to and scroll down to the Authentication section. |
2 | Toggle the switch under Multi-Factor Authentication to on. |
3 | Select from the following settings:
Regardless of the setting chosen above, users must enroll with the authenticator app the next time they sign in to Webex. |
If a user is already authenticated and using a valid OAuth token to remain signed in, then they'll stay signed in. They're asked to enroll when they have to sign in again. |