Identifying User Accounts Requiring Priority Attention for two-factor authentication (2FA) Readiness
Using Our User Report Guide
The subsequent steps are designed to offer guidance on utilizing the User Report to assist customers in their 2FA preparation process."
Step 1: Create a new Report by going to Reports -> Add Report
Step 2: From the available report types, select User Report
Step 3: (Optional): Under User Report Settings, additional filters can be added by clicking the “More” dropdown to help limit the returned results to user accounts that need to be prioritized for updates, prior to the 2FA activation. For this example, we have added filters for Role Assignment and the Enable 2FA flag to help identify administrators’ user accounts which do not have 2FA enabled, and may get impacted once 2FA is activated. We chose to filter to the Administrator role, and for user accounts that are set to “No” for Enable 2FA.
Step 4: Ensure appropriate columns are checked for the report outputs. Customers can include as many of the columns as needed, but we recommend including the following columns, highlighted in red, which will help identify user accounts with 2FA not enabled.
- Users with no phone numbers
- Potential duplicate phone number entries
- User Accounts with the highest set of privileges which have the pre-mentioned considerations
We also recommend sorting results by Phone Number, which will organize the results with user accounts with no phone numbers set.
Step 5: Once the Report configuration is completed, click the Next button and the report will be generated, in which the results can be audited for where action would need to be taken, prior to the 2FA activation. An example of the output is included below, where we identified several administrator users that had no phone numbers, and 2FA was not enabled. Our next steps internally were to update contact information for the active accounts, delete suspended users, and enable 2FA for the users.
See also 2FA FAQ’s and LogicMonitor Security Best Practices