Enabling Two-Step Authentication

Domain administrators can enable Two-Step Authentication for their users. However, it must be noted that it affects all users of the domain: it can not be enabled on a user-by-user basis. To do this, do the following:

Log in as a domain administrator.

Click on Settings and select Domain Settings from the dropdown.

Select General from the left menu.

On the User Options card, enable Force two-step authentication.

Be sure to Save the changes.

Once this is enabled, each user will need to log in to webmail and set up Two-Step Authentication for their accounts. This entails ensuring there’s a recovery email address associated to their account — ideally, an address NOT associated to the domain they’re logging into — and then choosing whether to authenticate using that recovery address or an authentication app. They can then step through the authentication process using the method they’ve chosen.

Two-Step Authentication and Email Clients

Once Two-Step Authentication is set up for a user, they will need to re-log in to any email clients they’re using. SmarterMail generates “application passwords” for any user that has Two-Step enabled, and it will generate strong passwords for various protocols that are available. For example, strong passwords are created for use with EAS (mobile) clients, IMAP/POP/SMTP, MAPI & EWS, etc. These passwords can be used for various clients and do not need to be changed. (However, they can be “refreshed” and a new password is generated.) So, a customer can use the same MAPI & EWS strong password for both Microsoft Outlook and eM Client.