Enabling or Disabling Two-Factor Authentication

Two-Factor Authentication provides extra security on user accounts by requiring users to type the verification code generated by the Google Authenticator app in order to sign in to Control Manager. Use the User Accounts screen to enable or disable Two-Factor Authentication for all Control Manager user accounts.

Important:

Two-Factor Authentication for Control Manager requires the following:

Note:

  • The Root account can always bypass Two-Factor Authentication.

  • You cannot enable Two-Factor Authentication for Trend Micro Customer Licensing Portal (CLP) accounts from the Control Manager console.

    For more information, see the Trend Micro Customer Licensing Portal documentation.

  • Although the verification code generated by the Google Authenticator app changes every 30 seconds, users can still use previously generated codes up to 5 minutes old to sign in to Control Manager.

  1. Go to Administration > Account Management > User Accounts.

    The User Accounts screen appears.

  2. To enable two-factor authentication:
    1. Click Enable Two-Factor Authentication.

      A confirmation dialog box appears.

    2. Click Enable.

      • A warning message appears at the top of the User Accounts screen, prompting you to configure email addresses for all user accounts.

        Click the link to view users without configured email addresses.

      • The email address field on the Add User Account screen becomes a required field.

      • Control Manager requires users to type the verification code generated by the Google Authenticator app, in addition to a valid user name and password, in order to sign in.

  3. To disable two-factor authentication:
    1. Click Disable Two-Factor Authentication.

      A confirmation dialog box appears.

    2. Click Disable.

      Signing into the Control Manager web console will only require the use of a valid user account and password.

Parent topic: User Accounts