Multi-factor authentication

You can turn on multi-factor authentication (MFA) to improve the security of your Sophos Cloud Optix account.

If you set up MFA, users must use another form of authentication, as well as usernames and passwords, when they sign in to Sophos Cloud Optix.

Note If you're accessing Sophos Cloud Optix from Sophos Central, you must configure MFA in Sophos Central Admin.
Restriction If you've signed in with Google Authenticator, you can't turn on MFA in Sophos Cloud Optix. Turn it on in your Google account instead. Google authentication isn't available if you're accessing Sophos Cloud Optix from Sophos Central.

Turn on multi-factor authentication

To turn on MFA, do as follows:

  1. Click your customer name and select Profile.
  2. Click Multi-factor Authentication.
    A QR code appears.
  3. On your mobile phone, open an authenticator.

    We recommend Google Authenticator.

  4. Scan the QR code.
    A code appears on your mobile phone.
  5. Enter the code in Authentication Code and click Submit.

The next time you sign in, you're prompted for a one-time passcode (OTP). You can use Google Authenticator to get it.

Sign in with multi-factor authentication

To sign in with MFA, do as follows:

  1. Enter your email address and password, and click Sign in.
    The MFA OTP prompt appears.
  2. On your mobile phone, go to Google Authenticator and look for the Sophos Cloud Optix passcode.
  3. Enter the code and click Sign in.

Turn off multi-factor authentication

If you're an Admin or Super Admin, you can turn off MFA for your own account, or for other users on your account. This can be useful if, for example, a user loses their mobile phone.

Read-only Admins can't turn off MFA in the Sophos Cloud Optix user interface.

To turn off MFA, do as follows:

  1. Go to Settings and click Users.
  2. Find the user.
  3. In the Action column, click the padlock icon to turn off MFA.