Enforce multi-factor authentication (MFA) to enhance account security and prevent attackers from exploiting critical actions to perform malicious activities.

Enabling MFA is only available to Master Administrator users. Once MFA is enabled, all users are required to configure MFA settings on their devices before they can authenticate with Trend Vision One. This configuration is a one-time requirement.


  1. Go to AdministrationUser Accounts.
  2. Click Multi-factor authentication.
  3. In the Multi-Factor Authentication Settings panel, click the toggle to enable MFA.
  4. Select the operations for which you want MFA to be enforced prior to execution, and click Save.
    The following table provides a list of operations where MFA can be implemented.
    Identity and access management operations
    Configure API Keys settings
    Configure identity providers
    Configure user roles, user accounts, and asset visibility scopes
    Response actions
    Add custom scripts
    Collect Evidence task
    Collect File task
    Run YARA rules task
    Run Remote Custom Script task
    Run osquery task
    Start Remote Shell Session task
    Submit for Sandbox Analysis task
    Security playbook operations
    Create, edit, or delete playbooks
    Approve or reject pending actions
    Upload a new custom script
    Manually execute playbooks in Security Playbooks or from Workbench
    MFA is not required in the following circumstances:
    • MFA settings do not apply to response actions taken by the Managed Services operations team.
    • Response actions in automatically triggered security playbooks do not require MFA.
    • MFA is not required when retrying a timed-out action.
  5. Configure MFA settings.
    1. Review the information in the Configure Multi-Factor Authentication (MFA) screen that appears when signing in to the Trend Vision One console or performing specified operations, and click Continue.
      You can also configure MFA in advance. To do this, access the Account Settings screen using your profile picture in the upper-right corner of the Trend Vision One console, and then click the Multi-factor authentication toggle.
    2. Install a compatible virtual MFA application (such as Google Authenticator) on your smartphone, PC, or other device.
    3. Configure MFA on your device by scanning the QR code or using the secret key.
    4. Enter the one-time password provided by the MFA application and click Next.
    5. Record the reset code, click I have stored my reset code in a safe location., and click Done.
    • Local accounts need to provide a verification code from your authenticator app to sign in to Trend Vision One.
    • All accounts need to provide a verification code from your authenticator app to perform the specified operations in Trend Vision One.
    • To ensure security, the verification code generated is valid for only 30 seconds. If the code is not used within this time frame, a new one must be requested.
    • Once authenticated, MFA sessions remain valid for 15 minutes. The users do not need to do MFA again to initiate critical actions during this period.