Multi-factor authentication

You can turn on multi-factor authentication to improve the security of your Sophos Cloud Optix account.

This means you must use another form of authentication, as well as username and password, when you sign in to Sophos Cloud Optix.

Note If you are accessing Sophos Cloud Optix from Sophos Central, you should configure MFA from the Sophos Central Admin console, not through Sophos Cloud Optix.
Note If you've signed in with Google authentication, you can't turn on multi-factor authentication in Sophos Cloud Optix. Turn it on in your Google account instead. Google authentication is not available if you are accessing Cloud Optix from Sophos Central.

Turn on multi-factor authentication

  1. Click your customer name (in the upper right of the page).
  2. Select Profile.
  3. Click the Multi-factor Authentication tab. You’ll see a QR code.
  4. On your mobile phone, open an authenticator (we recommend Google Authenticator).
  5. Scan the QR code.

    A code is shown on your mobile phone.

  6. Enter the code in Authentication Code and click Submit.

The next time you sign in, you’ll be prompted for a one-time passcode. You can find it in Google Authenticator.

Sign in with multi-factor authentication

Enter your email address and password.

  1. Enter your email address and password.
  2. Click Sign in.

    You're prompted to enter "MFA OTP" (Multi-factor authentication one-time passcode).

  3. On your mobile phone, go to Google Authenticator and look for the Sophos Cloud Optix passcode.
  4. Enter the code in the sign-in screen and click Sign in again.

Turn off multi-factor authentication

If you are an Admin user, you can turn off multi-factor authentication for your own sign-in or for other users on your account (for example if a user loses their mobile phone).

Read-only users can't turn off multi-factor authentication in the Sophos Cloud Optix user interface.

  1. Go to Settings > Users.
  2. Find the user.
  3. In the Action column, click the padlock icon to turn off multi-factor authentication.