Zimbra Collaboration 8.7 will come with two-factor authentication (2FA) as a security feature that protects your account by providing identification of users through the combination of two different components. These components may be something that you know (password, UserID, etc) and something that you possess (smartphone, USB-key, etc). Learn how to turn it on!
2FA must be enabled in the Admin Console before it can be enabled at the User or Class-of-service level.
1. To enable 2FA in the Admin Console, head to: Home > Configure > Class of Service > yourCOSname > Advanced > Two Factor Authentication.
2. Under Two-Factor Authentication, you will find 4 fields to complete:
- Check the “Enable two-factor authentication” box
- Check “Require two-step authentication for all users” if you want 2FA to be mandatory for all users.
- Decide how many one-time codes to generate by typing a number in the field provided.
- Lastly, enable application passcodes for legacy applications that don’t support 2FA because you can generate exceptions codes for them.
User Web Client
Once the admin has enabled and configured 2FA, users will see a new option under Preferences > Account, called Two-Factor Authentication.
2. Select “Set up two-step authentication” to begin the process.
3. You will be led to a description of the feature. Select “Begin Setup” to start the process.
4. Provide your current password to your account and then click “Next.”
5. Next, you will be shown a Wiki link with One-Time Password (OTP) Apps Zimbra recommends to use. In this tutorial, we’ll focus on how to download Google Authenticator, but remember, there are various OTP apps Zimbra recommends for you to choose from.
6. Zimbra will then display a unique key that you must enter into your OTP App. See below how to download and use Google Authenticator.
7. To begin your download of Google Authenticator, head to your Smartphone’s application store and type the App name into the search bar. Click Install.
8. Once the App has installed, click “Begin Setup.”
9. You will then be asked whether you want to configure a Manual entry or Scan a barcode. Zimbra Collaboration 8.7 supports only manual entry for now. However, barcodes may be supported in the near future.
10. Next, enter your email address and the unique Key from the Zimbra Web Client (as shown in Step 6).
11. Copy the 6-digit code displayed. Keep in mind that the code expires every 15 seconds.
12. Head back to Zimbra and paste the 6-digit code into the wizard window and click Next.
13. You’re all done! 2FA is now enabled, so you’ll be prompted for a code in each new Browser, smartphone, computer, or app you use to access your account.
In your Preferences > Accounts > Account Security (if the Admin has enabled these options under the COS), you’ll see more options like one-time codes, Trusted devices, and Applications.
All trademarks are property of their respective owners. This site makes every reasonable effort to keep the information accurate and up-to-date. If you have feedback regarding the instructions above, please email firstname.lastname@example.org.