Article Contents (click a link to skip to that section)
- Enabling Two-Step Verification
- Can I Force my Users to Use Two-Step Verification?
- Two-Step Verification with ShareFile Apps
- Setting an App-Specific Password
- ShareFile Apps That Do Not Support Two-Step Verification
- Generating Backup Codes
- Disabling Two-Step Verification
- Login with Two-Step Verification
Two-Step Verification settings are managed at Personal Settings > Personal Security > Two Step Verification.
You are prompted to enter your country as well as the phone number you would like ShareFile to send an SMS or voice message to. You do not need to enter your country code,. You can choose to receive either a text (SMS) message or a voice call to your provided phone number.
Pressing Send will send a code via the selected method to the provided number. Enter the code on the next screen in order to complete the setup of two-step verification. You are given the option to trust the computer you are currently using. Use this if you do not want to be prompted for another verification code when using this computer and browser in the future. The option to trust the computer can be disabled by the ShareFile Administrator for Client Users.
ShareFile Administrators can set policies as follows to require user enrollment for Two-Step Verification:
Require Two-Step Verification will require that the user group (Client Users as shown in the example above) enroll and opt in for Two-Step Verification. When enabled, the setting will be enabled for all Employee Users or Client Users or both.
For new users, the activation process will require that the user enter a phone number that is enabled for text message (SMS) or voice. For example:
For existing users, the user is prompted to enter the phone number that is enabled for text message (SMS) or voice on the next login from the Web App, client tools like Citrix Files for Windows, or mobile app like Citrix Files for iOS. See the Web App example:
Once enabled, the most popular ShareFile apps follow the same two-step verification process as the ShareFile website. These apps include:
- ShareFile Sync for Windows
- ShareFile Sync for Mac
- Citrix Files for Windows
- Citrix Files for Mac
- Citrix Files for Outlook (formerly ShareFile Outlook Plugin)
- Citrix Files for iOS
- Citrix Files for Android
Citrix Files for Outlook users may need to re-link their plugin after enabling Two-Step Verification.
Some other applications that run outside a browser are not compatible with Two-Step Verification, and you will need to create a separate password. When logging in, please enter this password instead of your regular password. After enabling Two-Step Verification, your typical ShareFile password will no longer be accepted by these apps. These apps include:
- User Management Tool – the app specific password is only supported when using the UMT UI and is not supported when using scheduled tasks.
You can access creation of application passwords under Application Specific Passwords, using the Create a Password button. On the new screen, you will be prompted to enter a label. This label will help you identify the app if you ever desire to revoke access to it. After clicking Generate, click the Copy button to copy the app-specific password to your clipboard. Next, Paste the new password into the password field of your app.
Revoking an application specific password
To view or revoke application specific passwords you have previously created, click the Manage Apps link in the Application Specific Passwords section.. On the My Connections page under Connected Apps you will see a list of labels you created for these application specific passwords, as well as when the password was last used. On this page, you can choose to revoke any previously created application specific password by clicking the Revoke link on the line with that password’s label. Any device using that password will have to be reauthenticated with a new password, and the password will no longer show up on this list.
Please note that the following apps do not support the Two-Step Verification feature. If Two-Step Verification is enabled for your user, you will not able to use these apps.
- ShareFile Desktop Sync for Windows (Adobe AIR)
- ShareFile Desktop Sync for Mac (Adobe AIR)
- Enterprise Sync Manager (Adobe AIR)
ShareFile allows you to generate a set of backup codes that can be used in the event that you will be unable to access your phone. Generate these codes using the Generate Backup Codes button. These codes may each be used only once. They will become invalid when a new set of codes is generated using this button.
If Two-Step Verification policies are not set for the user group you belong to, you can disable the feature using the Disable button at the bottom of the page. You will need to reenter your password to verify.
You can disable this feature for all users on your ShareFile account at Admin Settings > Security > Login & Security Policy > Two Step.
If the Two-Step Verification policy for the user group was set, the Disable button will not be shown to the user group.
Login with Two-Step Verification
After you have set up your Two-Step Verification, you will be prompted for your verification code after logging in to ShareFile on a computer you have not opted to trust. You must enter the code you have received most recently in order to proceed to your ShareFile account. If you do not receive the code, you can select I didn’t receive a code for more options. If you are still unable to get in to your ShareFile account, please contact your ShareFile administrator.
NOTE: When Enable “trust this device” for Clients Users is set to no, the trust option checkbox is not visible for Client Users as shown here.
You will see an additional option for the verification code:
- What backup capabilities are available for users in case they don’t have the phone registered for Two-Step Verification?
Users have the following choices for backup:
- Using Authenticator App – users can configure supported Authenticator app like Microsoft or Google by following the instructions under Personal Settings-> Personal Security -> Two Step Verification.
- All standard Authenticator apps that use the HOTP algorithm and accept a QR code are supported.
- Using Backup Codes as shown prior
- Enter a Backup Phone (Voice for example if you use SMS / Text previously)
- What is the expiration time frame for the text / SMS or voice based passcode?
- Can I disable Text / SMS / Voice option for Two-Step Verification if I have setup an Authenticator app?