2FA FAQ:
Q: What is Two-Factor Authentication (2FA)? A: 2FA is a security measure that requires users to provide two verification factors to gain access to an application, enhancing the security of user accounts.
Q: How does 2FA work? A: When 2FA is enabled, users will need to provide their password and an additional verification method, such as a code sent to their mobile device or an authenticator app.
Q: Why is Commvault enforcing 2FA for all users? A: We are enforcing 2FA to provide an additional layer of security for our customers. 2FA significantly reduces the risk of unauthorized access and helps protect sensitive data.
Q: When will Commvault enforce 2FA for all users? A: Commvault Cloud will enforce 2FA for all customers starting March 25, 2025.
Q: Why is the message to set up 2FA showing up? A: Commvault is prompting all customers to enable 2FA on their own during this period. If 2FA is not set up by March 25, 2025, enforcement will begin from the Commvault side.
Q: As an Administrator, how do I enable 2FA for all users? A: Tenant Admins can enable 2FA for their Tenant Users. For detailed instructions, refer to the Enabling Two-Factor Authentication documentation. You can also watch the demo here.
Q: As a user, how do I log in after enabling Two-Factor Authentication (2FA)? A: On the login page, enter the PIN from your Authenticator App or click "Get PIN" via the email configured on your user account. IMPORTANT: "Get PIN" requires a valid email address configured on your user account. You can also watch the demo here.
Q: Can I disable 2FA for my account? A: For security reasons, 2FA is mandatory and cannot be disabled. This ensures that all accounts are protected with the highest level of security.
Q: As a user, how do I set up 2FA for my account? A: From https://login.metallic.io, enter your username/email and password. Then, scan the QR Code using an Authenticator App of your choice. For step-by-step instructions, refer to the Mobile Authenticator Apps documentation.
Q: Can I continue to use a username and password for API access? A: API access will only be possible using an Access Token after 2FA is enabled on the user account.
Q: What happens if we use an external authentication method like SAML? A: If an external authentication method like SAML is set up, there will be no impact. You will not receive the notifications about the 2FA setup.
Q: How do I configure an Access Token? A: From the Command Center, navigate to Manage > Security > Users. Click on the Access Tokens tab and select Add Token to generate an Access Token with the required conditions.
Q: Can I configure 2FA for my break glass account? A: Yes, it is highly recommended to set up 2FA for your break glass account. IMPORTANT: The “Get PIN” option requires an email address with a valid mailbox configured on your user account.
Q: What to do if a user loses their secret key? A: The tenant admin can reset the secret key for their users.
