user mfa

👋 Hi ​@nw-admin, welcome to the Box Community! As the admin, you need to configure 2-step login verification for external collaborators first. After you enforce 2FA, external collaborators must enroll in 2FA with Box to access your enterprise's shared content.

1. Go to Admin Console > Enterprise Settings > Security.
2. In the Multi-Factor Authentication section, under External Users, select Configure or Edit Configuration.
3. In the 2-Step Verification for External Collaborators dialog box, select whether to disable 2-step login, enable 2-step login for all external collaborators, or enable for - or except for - a defined set of external collaborators. If you enable 2-step login, select when it will be enforced. For more details, see the External Collaborators section in Enterprise Settings: Security Tab.
4. Click Save. 
5. Use MFA to authenticate this change, using the method described in Multi-Factor Authentication Required for Admin Console Critical Actions.
6. At the top of the page, click Save.
    

👉 Check out Configuring Multi-Factor Authentication to learn more.

External collaborators who are already enrolled in 2FA with Box, or who are using an SSO provider to access their Box account, can continue to access the shared content.

Please have them check: Enrolling in 2FA for External Collaboration for instructions.​​​​

Let us know if you have any other concerns. 😊​​​

Thank you. The users (for who I want to enable 2FA) are not external collaborators. They are users under our plan.

I found the spot where it says, “require mfa for all managed users” and it is greyed out. Which makes me wonder if this feature (end user mfa) just isn’t available under our plan.

Does this mean that they can’t use 2FA at all?

You’re welcome ​@nw-admin, and thanks for clarifying your concern.

I would like apologize for any confusion. Upon further review, the Security tab within the Admin Console is only available for Enterprise plans and above, as per Box Feature Matrix. You're absolutely right—this limitation is expected behavior based on the plan your organization currently utilizes.

That said, all users can technically enable 2FA, but only Enterprise and higher tiers have the ability to enforce it across managed users.

If you'd like your managed users to enable 2FA individually without upgrading your account, you can simply have them follow these steps to do so:

1. Go to Account Settings > Account.
2. In the 2-Step Verification section, click Set Up.
   (Note: You will not see this section if your organization uses single sign-on (SSO) for authentication.)
3. Select Authentication App (recommended) and click Next.
4. Open the authentication app on your phone and scan the QR code. (You can also enter the secret key located under the QR code into the authenticator app manually.)
5. Enter the code you received in the authenticator app and click Submit.
6. Enter a phone number for verification, which would be used by Box support to verify your identity in the case where you are not able to authenticate in the app, and click Submit.
7. Copy the backup codes. Once copied, paste them into a file only you have access to and save the file somewhere secure.
8. Click Complete.

 
For other options they can use, they can check this article: Multi-Factor Authentication Set Up for Your Account
 
Thanks for understanding and let me know if you have further questions. 😊