Multi-factor authentication

You can turn on multi-factor authentication (MFA) to improve the security of your Sophos Cloud Optix account.

If you set up MFA, users must use another form of authentication, as well as usernames and passwords, when they sign in to Sophos Cloud Optix.

Note If you're accessing Sophos Cloud Optix from Sophos Central, you must configure MFA from in Sophos Central Admin.
Restriction If you've signed in with Google authentication, you can't turn on MFA in Sophos Cloud Optix. Turn it on in your Google account instead. Google authentication isn't available if you're accessing Sophos Cloud Optix from Sophos Central.

Turn on multi-factor authentication

  1. Click your customer name.
  2. Select Profile.
  3. Click Multi-factor Authentication. You see a QR code.
  4. On your mobile phone, open an authenticator. We recommend Google Authenticator.
  5. Scan the QR code.

    A code appears on your mobile phone.

  6. Enter the code in Authentication Code and click Submit.

The next time you sign in, you're prompted for a one-time passcode (OTP). You can find it in Google Authenticator.

Sign in with multi-factor authentication

Enter your email address and password.

  1. Enter your email address and password.
  2. Click Sign in.

    You're prompted to enter your MFA OTP.

  3. On your mobile phone, go to Google Authenticator and look for the Sophos Cloud Optix passcode.
  4. Enter the code in the sign-in screen and click Sign in again.

Turn off multi-factor authentication

If you're an Admin, you can turn off MFA for your own sign-in, or for other users on your account, for example if a user loses their mobile phone.

Read-only users can't turn off MFA in the Sophos Cloud Optix user interface.

  1. Go to Settings and click Users.
  2. Find the user.
  3. In the Action column, click the padlock icon to turn off MFA.