Skip to content

Enforce Two-Factor Authentication for All Extension Users

A username and password alone can be guessed, shared, or stolen. To close that gap across your whole organization, you can require two-factor authentication (2FA) for every extension. Two-factor authentication adds a second verification step on top of the password, so a login only succeeds when the person also proves they hold the extension’s second factor. Once enforced, anyone signing in with an extension username and password must clear that second step before they gain access, which blocks logins that rely on stolen credentials.

Confirm the following minimum versions are in place:

  • Cloud Voice, version 84.14.0.24 or later.
  • Cloud Voice App (desktop), version 1.4.9 or later.

PBX (Private Branch Exchange) is the phone system that manages your extensions and calls. You configure this policy from its web portal.

  1. Sign in to the PBX web portal and open Security > Security Settings > Security Options.

  2. Under Two-Factor Authentication, tick Make Two-Factor Authentication Mandatory for All Extensions.

    Cloud Voice, the Two-Factor Authentication option enabled in the portal's security settings

  3. Click Save.

What happens next depends on whether a user had already turned on 2FA in the Cloud Voice App:

  • Users who already had 2FA enabled. Nothing changes for them. They keep working in the app without interruption.
  • Users who did not have 2FA enabled. The next time they open, or are already signed in to, the Cloud Voice App (web or desktop) with their extension username and password, a setup window appears and prompts them to configure 2FA. If they do not finish the setup, the app signs them out automatically.

Cloud Voice, the two-factor authentication setup prompt shown to users who have not yet enabled it