How to enable and configure Two-Factor Authentication in Advanced EPDR/EDR

How to enable and configure Two-Factor Authentication in
Advanced EPDR/EDR?

• Advanced EPDR
  Advanced EDR

Advanced EPDR/EDR supports the two-factor authentication (2FA) standard in order to add an additional layer of security beyond that offered by the user/password basic pair. This way, when the network administrator attempts to access the Web console, they will be prompted to enter an additional authentication item: a code that only the account owner has. This is a randomly generated code that is sent to a specific device, normally the
Advanced EPDR/EDR administrator’s personal smartphone or tablet.

• Access to a personal smartphone or tablet with a built-in camera.
• Google Authenticator or an equivalent app must be installed on the personal device. Google Authenticator can be downloaded for free from https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl

In the top menu, click the user account and select the Set up my profile option. This will open the Advanced EPDR/EDR Account window.

• Click Login from the side menu and then click the Enable link in section Two-step verification. A window will open for you to configure Google Authenticator or the equivalent app installed on your mobile device.
• Scan the QR code displayed in the window using Google Authenticator or your equivalent app and enter the generated code in section Enter the code provided by your app. Finally, click the Verify button. From this moment onwards, your device will be linked to the Advanced EPDR/EDR service and will generate short-lived random passcodes.

To access the console with a user account that has 2FA enabled, enter your login address, password, and the code generated on the device linked to the account.

To force all console users to enable and use 2FA, the user account from which the use of 2FA is enforced must have the Manage users and roles permission and access to all computers on the network. Refer to section Manage users and roles for a description of the aforementioned permission and section Role structure for information on how to configure the groups the role will grant permissions on:

• Click the Settings menu at the top of the console. Then, click the Security tab
• Select the option Require users to have two-factor authentication enabled to access this account.
• If the user account that forces all console users to have 2FA enabled does not have 2FA enabled for itself, a warning message will be displayed prompting you to access the Panda Account and enable the feature.