How to force user to use two factor authentication

ShermaineW

Hi Expert,

I have setup 2 factor authenticatiom on the company administrator account by edit the profile. however it seems each user can turn on/off of that features at their own settings. I am thinking if there is a way we can enforce this feature for all users?

Thanks a lot

Shermaine

JeanK

Hello all,

You can now force your users to use Two-Factor Authentication.

Please find how to proceed in our article:

📄 Enable Two-Factor-Authentication enforcement on company members

It would be great to hear your feedback about it.

All the best,

/JeanK

Julia

Hi Shermaine,

Thank you very much for your post and your suggestion.

To force users to use the 2FA is a feature request at the moment and therefore I forwarded your suggestion to our product management. Such ideas are always welcome, although I can not promise when or if this Feature will be implemented, as the decision is based on public demand. Nevertheless, your feedback is very important to us as we want to continue to develop TeamViewer based on our user's needs and demands.

If anybody else would like to have this feature, please give Shermaine's post a kudo.

Have a great day

Julia

TeamYP

How many requests would we need to get this feature on a roadmap?

 

bmineau

We have many users since we use the product for technical support in a large call center environment and for PCI compliance we need to ensure two factor authentication is activated.

We are currently using 10 hours a week to audit the users and ensure that two factor authentication is enabled.

Being able to enforce this is crucial to our continued use of teamviewer.

Thanks,

Brandon

 

JoshRizzo

Agreed. We have security requirements (and comparisons to *bleep*) that would make this be a welcome feature. 

Side note, I would not called this "Solved" thought it was "Answered" the issue / need still remains.

gavinswilson

Is there a way to force a server to only accept 2 factor authentication?

JBergonje

The two factor authentication is a security feature available for TeamViewer accounts not for devices, there is no way to force the accounts or devices that are going to connect to a server or any device to use two factor authentication on the connection, I repeat the two factor authentication is only related to the account and to log in with the account on TeamViewer, not to connect to devices.

Hope this information is useful for you

bmineau

Is there any update on this feature?

I'm unfortunately pressed for time and if the feature won't be available by Feb 2018 i will need to find another solution.

Thanks!

alippiatt

We would also like this feature.

Jannick

Any progress made in 2018 already? :manvery-happy:

This is noticed as solution.. So maybe I'm missing something

taemo

interested on this as well.

I don't see a way to enforce 2FA is enabled with policies.

No report either to tell me if a user has 2FA enabled nor a way to remove their 2FA in case they need to.

 

JBergonje

There is no policie available to enforce the 2 factor authentication on the user accounts of a license, this always have to be set by each user, due to privacy policies there is no reports available neither about the 2 factor authentication use, to deactivate it the user will have to login on the application and desable the option on the profile or use the deactivation code provided by the system when the option was enable for the account

taemo

Are there any plans to have those functions added on TeamViewer?

As someone that is responsible to manage TeamViewer for an organization, I would like to enforce those policies for security and logging purposes

 

JBergonje

I understand your situation but due to the privacy policies of TeamViewer I don't think this option will be available anytime soon, the 2 factor authentication is a security option for the accounts registered on TeamViewer, each owner of the accounts needs to decide to use that option or not. 

bmineau

Then why not set it up to disallow a user to access the company unless the feature is set up?

This a PCI issue when remoting into the system, if the user has taken it upon themselves to remove the two factor then the company is held liable.

JoshRizzo

The remote system being accessed needs to be considered an asset of the owner, and as the owner, we need to be able to dictate how guests can access. It is not unreasonable to prompt a TeamViewer user with a warning: "The security on the remote system requires guests to have Two Factor Authentication enabled. Please enabled 2FA or contact the remote system administrator for access."

We are using TeamViewer for mission critcal busiess, and the response to this concern is an indication of how seriously TeamViewer considers modern securty concerns. It is not uncomon to defend the use of TeamViewer vs *bleep*. https://www.*bleep*.com/verify

 

bmineau

It's unfortunate that TeamViewer really is a nice piece of software.  But with a short minded and immobile vision that refuses to listen to its corporate paid subscribers (we, for example, use the yearly subscription license and have 12 channels) it seems like it's time to pick a better and newer product that is willing to keep up with the growing market and adapt to its client needs.

Unfortunate indeed

jeremiahmiller

For personal accounts this makes sense. But for corporate accounts we need to be able to enforce this option via policy. Or at the very least prevent access to Company assets until 2FA is set up.

TV-ME

Yeah, we need to force this. I asked for this since the beginning of 2fa as a corporate customer and still not implemented. Theoretically all our technicans can deactivate 2fa by their own. That is a huge risk!

sbohmer

Not solved.

ARGroundzero

My organization requires MFA on all remote connections.  We have been waiting for Teamviewer to step up and enable this feature to be forced.  This is a huge security risk.  We will start to look at other providers for remote access at this point.

MDNinja

Is this feature enabled yet?

ARGroundzero

Spoiler

Unfortunately Teamviewer is refusing to add this citing privacy issues in doing so.  We have started to evaluate **Third Party Product** to replace our current Teamviewer deployment.  

bmaestas

AGREED!!!

RSHBM

---

@JBergonje wrote:

I understand your situation but due to the privacy policies of TeamViewer I don't think this option will be available anytime soon, the 2 factor authentication is a security option for the accounts registered on TeamViewer, each owner of the accounts needs to decide to use that option or not. 

---

I really do hope that this is not an offical statement of TeamViewer company, as it would disqualify your product for corporate use in companies that care about laws, security and compliance regulations! 

jeremiahmiller

Agreed.

I don't see how requiring 2FA is a "privacy" concern. If a technician is part of our corporate account, we should be able to require them to have 2FA and prevent them from accessing our protected assets until they meet the requirements. This is not a privacy issue, it's basic compliance with security and legal requirements.

ThomasL

The users haven't set up these accounts as individuals. The accounts are set up and managed by the company, so thereby the company is the owner and is the part that should decide if this should be turned on.

jeremiahmiller

Do you have any update on this feature request please? It's been more than 2 years since the original post

sbohmer

Yes...this!  ThomasL for president.

beyondsolutions

Hi Julia,

That was a nice reply - more than 3 years ago...
I believed that Teamviewers policy is to solve solutions on a very hight security level.

Today it is common standard to give a company the possibility to build up its internal security standards on web applications/services.

So, really, please do your homework and follow up this important security feature. The missing feature actually keep us from upgrading our subscription.

All the best,
Mirko

thatsimonguy

Any update on this yet?