MFA settings are managed by your system administrator. Users cannot enable or disable MFA independently unless the administrator has configured it as optional..

Enable MFA

  1. To enable MFA for all users, open WS_FTP Server Manager.
    • Navigate to Home > Other Settings > Multi-Factor Authentication.

      or

    • Select Multi-Factor Authentication from the Host drop-down list.
  2. Select the Allow Multi-Factor Authentication for all users in this organization check box.

    This provides users with the flexibility to enable or disable MFA for their account.

  3. Enable MFA based on the requirements of your organization.

Require MFA

You can enforce MFA for all users or specific accounts.
  1. To enforce MFA, you must first enable MFA for all users. Select the Allow Multi-Factor Authentication for all users in this organization check box.
  2. To enforce MFA by user class, select one or more of the user class options. Select all of the options to enforce MFA for all users.
    • System Administrators
    • Host Administrators
    • Regular Users
  3. Click Save.

MFA unsupported services

Certain WS_FTP Server services and authentication methods do not support MFA. Specify which of the following services, which do not support MFA, should be accessible to users with MFA enabled:
  • FTP(S) access: Client certificate authentication may be required for access. If the environment includes client certificate authentication, it may provide sufficient security to allow access without MFA. Otherwise, disabling access might be preferred.
  • SFTP access: SSH user key authentication may be required for access. If the environment requires SSH keys, they may offer enough security to permit access without MFA. If not, access should likely remain disabled.
  • Outlook Add-In access: Only password authentication is supported. Use with caution.

Exempt users from MFA

You can exempt specific users from MFA. If MFA is required for their user class, they will be exempt.
  1. Select Host > Users.
  2. Select the user from the list.
  3. To exempt the user, select the Exempt this user check box.
  4. (Optional) include exempted users in their own user group for tracking.
  5. Click Save.
Note: It is best practice to notify users of any security policies that alter the sequence of steps or information needed at sign on before you apply these controls.

Self-select MFA (optional policy)

If your organization’s MFA policy is set to Allow Multi-Factor Authentication for all user in this organization, but MFA is not enforced, you have the flexibility to enable or disable MFA for your account.

Enable MFA: You can enable MFA during the log on process or from the Set MFA option on the WS_FTP Server user interface.

Opt out: If you do not want to enable MFA, select the Skip this time or Skip permanently options during log on. You can later enable MFA from the Set MFA option on the WS_FTP Server user interface if you change your mind.