Two-factor authentication (2FA) is an added layer of security for your VBC account. It can be enforced at the account level for all users, or individual users can enable it for themselves.
| Argentina | Egypt | Lithuania | Serbia |
| Australia | Estonia | Luxembourg | Singapore |
| Austria | Finland | Malaysia | Slovakia |
| Bangladesh | France | Mexico | Slovenia |
| Belgium | Germany | Moldova | South Africa |
| Brazil | Greece | Netherlands | South Korea |
| Bulgaria | Honduras | New Zealand | Spain |
| Canada | Hong Kong | Norway | Sri Lanka |
| Chile | Hungary | Pakistan | Sweden |
| China | India | Panama | Switzerland |
| Colombia | Indonesia | Peru | Taiwan |
| Costa Rica | Ireland | Philippines | Thailand |
| Croatia | Israel | Poland | Turkey |
| Cyprus | Italy | Portugal | Ukraine |
| Czech Republic | Japan | Puerto Rico | United Arab Emirates |
| Denmark | Latvia | Romania | United Kingdom |
| Dominican Republic | Lebanon | Saudi Arabia | United States |
| Enforce 2FA Account-Wide | Contact Us to enforce 2FA account-wide. Once enforced, these conditions exist:
|
| Check 2FA Status |
|
You can set 2FA at the user level before it is enforced account-wide, but this is not required.
To set your verification phone number now:
| Desktop App (All User Types) |
|
| Mobile App (All User Types) |
|
| Admin Portal (Super User, Account Administrators, User Administrators Only) |
|
Can I remove or disable 2FA?
Once enabled, 2FA cannot be disabled.
Can I set up 2FA with an email address instead of a phone number?
No, we do not support email addresses for 2FA. We only support phone numbers.
How often do I have to verify with 2FA? Is it every 24 hours?
You must verify with 2FA every time you sign in. This is not enforced every 24 hours.
I share my login credentials with someone else. How can we continue sharing credentials with 2FA?
Sharing VBC user credentials is neither secure nor recommended. Contact your Account Administrator to have separate user profiles created for everyone who must have access to the account.
How does 2FA work when a I have SSO (Single SIgn-On) enforced?
While 2FA is enforced at the account level, if you have SSO enabled, you will not be required to use 2FA when signing in.
When 2FA is enabled on my account, it will terminate “sessions”. What does that mean?
Once 2FA has been enabled on the account, all users will be logged out and must each configure 2FA when signing back in. Once enforcement of 2FA has been enabled, it cannot be undone. Note, users signed in through SSO will remain signed in, as will users who have already configured their user-level 2FA. Active phone calls will continue and the session will terminate once the call has been completed.
If our account will be forced to enable 2FA, but we have SSO, what is the actual expected behavior? If we have MFA (Multi-Factor Authentication) with our SSO, why do we need to enable our 2FA?
SSO is allowed to be disabled for some users even if it is enforced on the account. 2FA is not. You must have 2FA enforced if you want to continue with SMS on VBC in any capacity. If users have SSO enabled, they will not see any difference in behavior. Basically, every user will have to log in with one of these:
Is there a way for admins to track which users have 2FA enabled at the user level before it is turned on for the whole account by Vonage?
No. 2FA is enforced at an account level and not by the user. Once this is turned on for an account, any user not already enabled for SSO would need to configure a number for 2FA and sign in that way.
Can I use an international number for 2FA?
Yes. Many countries are now supported. For the list of currently supported countries, refer to Supported Countries.
What is your data retention / compliance policy for the storage of end user phone numbers used for 2FA?
The number used for 2FA is stored in our system but is not exposed to anyone after configuration. Numbers will not be used for any other purpose.