Already a NinjaOne customer? Log in to view more guides and the latest updates.

Disable SMS for Multi-factor Authentication (MFA)

Topic

This article explains how to deactivate short message service (SMS) for MFA. You can perform this action in bulk for technicians and end users.

NinjaOne will deactivate SMS by default for new divisions.

Environment

NinjaOne Platform

Description

NinjaOne supports multiple options for secure login authentication, such as hardware tokens from an identity provider (IdP) or third-party authenticator applications. Deactivating SMS for MFA enhances account security and mitigates risks from SMS provider outages.

Deactivating SMS for MFA may be beneficial if your SMS provider regularly experiences service outages or other issues that impact SMS codes from being delivered.

Only system administrator roles can view and edit settings for Use SMS for MFA. When you deactivate SMS for MFA, existing users will be logged out and prompted to set up an alternate authentication type if they were previously using SMS. SMS will not appear in their profile as an option if you deactivate it for a division.

Change the SMS for MFA Settings

To deactivate SMS for all technicians or all end users, perform the following steps:

  1. Navigate to Administration Accounts Security Settings.
  2. Click Edit in the Use SMS for MFA section.
security settings_use sms for mfa.png
Figure 1: Edit SMS for MFA settings
  1. Read the warning prompt before proceeding.
  2. Select the toggle to allow or disallow SMS for either technicians, end users, or both.
edit sms for mfa_update.png
Figure 2: Update SMS for MFA settings
  1. Click Update.

The page will update to reflect the new settings.

sms for mfa status.png
Figure 3: Example of current SMS for MFA settings

Additional Resources

Refer to NinjaOne Identity Access Management (IAM): Resource Catalog for SSO, SAML, and SCIM to learn more about access options for NinjaOne.

FAQ

Next Steps