Multi-Factor Authentication (MFA) adds an extra layer of security for WS_FTP Server accounts, including accounts accessed through the Web Transfer or Ad Hoc Transfer Clients. It helps prevent unauthorized access if a password is lost, stolen, or compromised.

Note: MFA settings are managed by your system administrator. Users cannot enable or disable MFA independently unless the administrator has configured it as optional.
With MFA enabled, users must provide:
  1. Username and password.
  2. A verification code generated by an authenticator app.

Prerequisites

  • WS_FTP Server is installed and configured.
  • WS_FTP Server Manager is accessible.
  • Users must install an Authenticator App, such as Google Authenticator or Microsoft Authenticator, on their mobile device.

How MFA works

  1. After entering their username and password, users are prompted for a verification code.
  2. This code is generated by a mobile authenticator app, such as Google Authenticator or Microsoft Authenticator.
  3. Each code is unique and time-sensitive, ensuring secure access.

MFA policy options

Your system administrator can configure MFA in several ways:

Policy option

Description

Who can enable/disable MFA

User experience

Unenforced

MFA is not available for any users.

Not applicable

No MFA prompts. Standard log on only.

Optional

Users may choose to enable or disable MFA for their account.

Individual users

Users can opt in/out during log on or via product UI.

Enforced

MFA is required for all users or specific user groups.

System administrator

MFA setup required. Log on always prompts for verification code.

Exempt

Specific users are excluded from MFA, even if their group requires it.

System administrator

Exempted users log on without MFA. Others follow enforced policy.
For more information, see Configure MFA.