Prohibit new users from setting up two-step verification for themselves

In order to further improve Kaspersky Security Center Web Console access security, you can prohibit new users from setting up two-step verification for themselves.

If this option is enabled, a user with disabled two-step verification, for example new domain administrator, cannot configure two-step verification for themselves. Therefore, such user cannot be authenticated on Administration Server and cannot sign in to Kaspersky Security Center Web Console without approval from another Kaspersky Security Center Linux administrator who already has two-step verification enabled.

This option is available if two-step verification is enabled for all users.

To prohibit new users from setting up two-step verification for themselves:

1. In the main menu, click the settings icon () next to the name of the required Administration Server.

   The Administration Server properties window opens.

2. On the Authentication security tab of the properties window, switch the toggle button Prohibit new users from setting up two-step verification for themselves to the enabled position.

This option does not affect the user accounts added to the two-step verification exclusions.

In order to grant Kaspersky Security Center Web Console access to a user with disabled two-step verification, temporary turn off the Prohibit new users from setting up two-step verification for themselves option, ask the user to enable two-step verification, and then turn on the option back.