When enabled, this option requires users to log in not only by entering their username and password, but also an OTP (One Time Password) received via SMS at login. By default, this option is disabled but can be changed by the user. To ensure that users do not independently change the assigned value, it is sufficient to deactivate the associated option in the EDITABILITY column.
Note: in order for the OTP authentication to work properly, a supported SMS gateway provider may be configured in the SMS SERVER tab of the control panel. If this step is not done, the OTP will still be sent by email. The activation of the two-step verification is requested in order to install the certified Common Criteria EAL2+ version of BooleBox On-Premises. Furthermore, the command corresponding to the MODIFICABILITY column related to the TWO STEP VERIFICATION option for the end user must be disabled from the USERS section of the Dashboard by an administrator user (SAM, ADM or ADR).