Chat now with support
Tchattez avec un ingénieur du support

KACE Systems Management Appliance 9.1 Common Documents - Administrator Guide

About the KACE Systems Management Appliance (SMA) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the KACE SMA Agent Manually deploying the KACE SMA Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the KACE SMA
Appendixes Glossary About us Legal notices

Configure Admin-level or organization-specific General Settings

Configure Admin-level or organization-specific General Settings

If the Organization component is enabled on your appliance, configure organization-specific General Settings at the Admin level. You configure the General Settings for each organization separately.

See Adding, editing, and deleting organizations.

If the Organization component is not enabled on your appliance, see Configure appliance General Settings without the Organization component.

1.
Go to the Admin-level General Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click General Settings.
2.
In the General Options section, view or enter the following information.

Option

Description

Last Updated and Organization Name

(Read-only) The date the information was changed and the name of the organization. Organization Name can be edited at the System level. See Add or edit organizations.

Company Name

Enter the name of your company.

Administrator Email

Enter the email address of the appliance administrator. System-related messages, including critical alerts, are sent to this address.

Company Email Suffix

Enter the domain from which your users send email. For example: example.com.

3.
Optional: In the Locale Settings section, specify locale settings. See Configuring locale settings.

Option

Description

Organization Locale

Select the locale to use for the selected organization’s Administrator Console and User Console. If you have multiple organizations, you can select different locales for each one. See:

4.
Optional: In the Samba Share Settings section, select file sharing options then click Save Samba Settings. If File Shares are disabled, you need to enable them at the System level before you can enable them for the organization. See Configure security settings for the appliance.

Option

Description

Enable File Sharing

Use the appliance's client share to store files, such as files used to install applications on managed devices.

The appliance’s client share is a built-in Windows file server that can be used by the provisioning service to assist in distributing the Samba client on your network. Quest recommends that this file server only be enabled when you perform application installations on managed devices.

File Share User ‘admin’ Password

Enter the password to use for admin account access to the file share directory.

5.
In the Ignore Client IP Address Settings section, enter the IP address or addresses to ignore. Separate each address with a comma. Ignoring IP addresses is useful when multiple devices could report themselves with the same IP address, such as a proxy address.
6.
In the License Usage Warning Configurations section, select the percentage to use for the warning threshold and critical threshold for software license usage. If you have configured software License assets, threshold information is displayed on the license-related widgets on the Dashboard
7.
In the Data Retention section, select the options for retaining data in the KACE SMA database.

Option

Description

Retain Device Uptime Data

The number of months that device uptime information is retained in the KACE SMA database.

Device uptime refers to the number of hours of each day that managed devices are running. You can retain this data for a specified number of months, Forever, or never save it (Disabled).

Retain Metering Data

The number of months that metering data is retained in the KACE SMA database.

Metering data is information about how applications are installed and used on the Windows and Mac devices that you manage. Metering data that is older than the selected number of months is deleted on the first day of every month. See About metering information.

Retain Uncataloged data in the Software Catalog

Whether to retain information about Uncataloged applications in the KACE SMA database.

Uncataloged applications are executables that are in the KACE SMA inventory but that do not appear in the Software Catalog, and the KACE SMA retains information about those applications by default. For organizations with a large number of managed devices, however, retaining this data might greatly increase the size of the database. This size increase could increase the time it takes to load pages in the Administrator Console and the time it takes to perform database backups.

Select this check box to retain data for Uncataloged software in the KACE SMA database. Clear the check box to disable data retention.

If data retention for Uncataloged software is disabled:

8.
In the Asset Archive section, type the number of days that you want to keep the assets marked for archiving, before actually archiving them. The default value is 3 days.
9.
In the User Archive section, indicate if you want to enable user archival, as needed.
b.
In the Archive Tag field, type a label that you want to associate with the state of archived users. For example, Archived or Inactive.
c.
Indicate if you want to maintain Service Desk ticket and asset associations with archived users. Set each of the Ticket Associations and Asset Associations fields to one of the following options:
Maintain Users: Select this option if you want to continue to associate tickets or assets with archived users. If you select this option, the configured Archive Tag appears next to the archived user name, to indicate that the user is no longer active.
Remove Users: Select this option if you want to remove all ticket or asset associations with archived users.
10.
In the Device Assignment section, indicate how you want to match users with devices: One-time sync, Continuous sync, or Disabled.
11.
In the Device Actions section, click Add New Action, the select the scripted actions to enable.

Device Actions are scripted actions that can be performed on managed devices. There are several pre-programmed actions available. To add your own action, select Custom Action in the Action menu, then enter the command in the Command Line text box.

The following variables are available for device actions:

KACE_HOST_IP

KACE_HOST_NAME

KACE_CUSTOM_INVENTORY_*

When device actions run, the appliance replaces variables with their appropriate values.

For KACE_CUSTOM_INVENTORY_ * replace the asterisk (*) with the name of a software application associated with a custom inventory rule. When the device action runs, the name is replaced with the custom inventory rule value for the device. Enter the software application name in uppercase characters. The allowed characters are: [A-Z0-9.-]."

If you are using Internet Explorer, you can define any valid statement to perform a task on a remote device, then assign a name to it to use the next time you want to perform that task. For example, you can enter the statement, ping.exe –t KACEHOSTIP and name it Ping. A valid statement is a maximum of 150 characters, and the name that you assign to it must be any printable character of up to 20 characters. For information about running Device Actions, see Run actions on devices.

NOTE: Most actions in the Action drop-down list require you to install additional applications for them to function. For example, using DameWare requires you to install TightVNC on your device as well as on the device you want to access.

This feature is only supported on Windows devices. If you enable ActiveX in Microsoft Internet Explorer, the device action runs using ActiveX. If ActiveX is disabled, or you want to use a different browser, the Windows device you are running the device action from must have the KACE Agent version 9.0 or later agent installed and connected.

When you initiate device through the agent, the action executable must be placed in your %PATH%. The agent is 32-bit, so on 64-bit Windows devices, use %windir%/System32 as an alias to the %windir%/Wow64 directory. If you need to run a program that's located in the %windir%/System32 directory on a 64-bit Windows system, you must use the %windir%/SysNative virtual directory. You can either add %windir%/SysNative to your %PATH% environment variable or provide a fully-qualified path by prepending %windir%/SysNative to your executable when defining your machine action.

12.
In the Patch Schedule section, if you want disable administrators to apply patches to all devices, select the Hide All Devices check box.
13.
In the Allowed Bulk Actions section, indicate if you want to enable bulk actions against KACE Cloud Mobile Device Manager (MDM) and VMware virtual machine devices. When bulk actions are enabled, the associated KACE Cloud MDM and VMware virtual machine commands become available from the Choose Action menu on the Devices list page.

Option

Description

Enable Bulk KACE Cloud MDM Actions

Select this check box to enable commands against multiple KACE Cloud MDM devices on the Devices list page.

Enable Bulk Virtual Machine Actions

Select this check box to enable commands against multiple VMware virtual machine devices on the Devices list page.

14.
To use a custom logo in the User Console, select images in the Logo Overrides section.
NOTE: You can change the logo in the User Console only; you cannot change the logo in the Administrator Console.

Option

Description

User Console

The logo or other graphic displayed at the top of the User Console. Follow these guidelines for graphics:

To see the default login page and a customized version, see Configure appliance General Settings with the Organization component enabled.

Report

This setting controls the logo used when generating reports for the selected organization.

Upload a logo or other graphic to be displayed at the top of reports. The graphic must be 201 pixels wide by 63 pixels high as specified in the auto-generated XML layout. To use a different size, adjust the output of the XML report.

To see the default report logo and a customized version, see Configure appliance General Settings with the Organization component enabled.

If the Organization component is enabled on your appliance, you can specify different logos for the reports produced for each organization and for the System.

For information about using custom logos at the System level, see Configure appliance General Settings with the Organization component enabled.

Agent Alert

Upload a logo or graphic to be used in pop-up messages on Agent-managed devices. These pop-ups include snooze dialogs, installation progress messages, alert messages, and message windows created by scripts. After you upload a graphic, it becomes available to managed devices the next time they check in to the appliance.

Graphics for pop-up messages must be in BMP format with a maximum color depth of 256 and a size of 100 pixels wide by 38 pixels high.

To see the default alert logo and a customized version, see Configure appliance General Settings with the Organization component enabled.

You can customize Alert message text and options as well. See Adding and editing scripts.

15.
Click Save and Restart Services.

Configure appliance General Settings without the Organization component

Configure appliance General Settings without the Organization component

If the Organization component is not enabled on your appliance, all appliance General Settings are available at the Admin level.

If the Organization component is enabled on your appliance, see Configure Admin-level or organization-specific General Settings.

1.
Go to the Admin-level General Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
b.
On the left navigation bar, click Settings, then click General Settings.
2.
In the General Options section, provide the following information:

Option

Description

Last updated

Read-only: The date the information was changed and the name of the organization.

Company Name

Enter the name of your company.

Administrator Email

Enter the email address of the appliance administrator. System-related messages, including critical alerts, are sent to this address.

Company Email Suffix

Enter the domain from which your users send email. For example: example.com.

Enable mobile device access

Enable or disable Mobile Device Access to the appliance. Mobile device access enables you to interact with the KACE SMA appliance using the KACE GO app on iOS and Android smart phones and tablets. Administrators can use the app to access Service Desk, inventory, and application deployment features.

See Configuring Mobile Device Access.

Session Timeout

Set the number of inactive hours to allow before closing user sessions and requiring users to log in again. The default is 1. The User Console and Administrator Console have Timeout Session counters to alert users of this time limit. Only periods of inactivity are counted. The counter restarts when the user performs any action that causes the console to interact with the appliance server, such as refreshing a window, saving changes, and changing windows. When the counter reaches the limit, the user is logged out, unsaved changes are lost, and the login screen appears. The Timeout Session counter appears in the upper right of each console.

3.
In the Client Drop File Size Filter section, specify a file size.

Options

Description

Client Drop File Size Filter

A file-size filter for the organization's Client Drop location.

The Client Drop location is a storage area (Samba share) for the organization on the KACE SMA appliance. This storage area is used to upload large files, such as application installers and appliance backup files, to the appliance. Uploading files to the Client Drop location is an alternative to uploading files through the Administrator Console using the default HTTP mechanism, which can result in browser timeouts for large files.

The Client Drop Size filter determines whether files uploaded to the organization's Client Drop location are displayed on the Upload and Associate Client Drop File list on the Software Detail page. For example, if the Client Drop Size filter is set to 1 GB, the Upload and Associate Client Drop File list shows files that are 1 GB in size or larger. Files that are less than 1 GB in size are not displayed on the list.

Application files are moved from the organization's Client Drop location to the appropriate area when the file is selected on the Software Detail page and saved.

Appliance backup files that are placed in the Client Drop location are automatically identified as appliance backup files, and they become available for selection on the Backup Settings page within five minutes. See Copy files to the KACE SMA Client Drop location.

4.
In the User Console section, specify customizations for the User Console text:

Option

Description

Title

The heading that appears on the User Console login page. The User Console is the web-based interface that makes applications available to users on a self-service basis. It also enables users to file Service Desk support tickets to request help or report issues. To access the User Console, go to http://<KACE_SMA_hostname>/user where <KACE_SMA_hostname> is the hostname of your appliance.

Welcome Message

A welcome note or description of the User Console. This text appears below the title on the User Console login page.

5.
In the Acceptable Use Policy section, select policy settings:

Option

Description

Enabled

Enable the appliance to display your policy, and require users to accept the terms of your policy, when they access the Administrator Console, User Console, or Command Line Console, or log in using SSH or FTP.

Title

The heading of the policy to be displayed on the login page of the User Console.

Message

Details of the policy, which are displayed below the Title on the login page. Users must agree to the terms of the policy before they can log in to the User Console.

6.
In the Log Retention section, select the number of days to retain log information. Log entries that are older than the selected number of days are automatically deleted from the log. See Access appliance logs to view Microsoft Exchange Server errors.
7.
In the Share With Us section, specify data sharing options.

Option

Description

Share summary usage data...

(Recommended) Share summary information with Quest. This information includes appliance status, uptime, and load averages, as well as the number of devices, Managed Installations, and applications being managed by the appliance. This option is recommended because it provides additional information to Quest Support if you need assistance. In addition, data shared with Quest is used when planning product enhancements.

Share detailed usage data...

(Recommended) Share detailed information with Quest and share anonymous information with ITNinja.com. This information includes Agent and appliance crash reports, user interface usage statistics, and inventory information, such as application titles. Quest uses this information to help improve the Software Catalog, and ITNinja uses anonymous data to identify relevant content on http://www.itninja.com for dynamic feeds to the KACE SMA Administrator Console.

ITNinja.com is a community website where IT professionals can share information and research on a wide variety of systems management and deployment topics. The ITNinja feed is a feature that dynamically displays software deployment tips and other contextual information on relevant pages in the KACE SMA Administrator Console. To enable the ITNinja feed, you need to select Share detailed Usage data.... This setting shares information anonymously with ITNinja. The ITNinja feed is available only if Share Summary Usage Data... is selected, and it is available only on pages related to software deployment, such as the software, Managed Installation, and File Synchronization detail pages. The feed is not available on the Software Catalog detail page.

Clear this option to prevent the appliance from sharing inventory data with the ITNinja community. However, clearing this option does not remove any information that has already been shared. For more information, contact Quest Support.

Share extended patch diagnostics

(Recommended) Share detailed patch diagnostics with Quest.

8.
In the Locale Settings section, specify locale preferences. These preferences determine the formats used for date and time information displayed in the Administrator Console.

Option

Description

Organization Locale

The locale to use for the organization’s Administrator Console and User Console.

Command Line Console Locale

The locale to use in the Command Line Console, which uses the konfig user account.

9.
In the Ignore Client IP Address Settings section, enter the IP address or addresses to ignore. Separate each address with a comma. Ignoring IP addresses is useful when multiple devices could report themselves with the same IP address, such as a proxy address.
10.
In the License Usage Warning Configurations section, select the percentage to use for the warning threshold and critical threshold for software license usage. If you have configured software License assets, threshold information is displayed on the license-related widgets on the Dashboard.
11.
In the Update Reporting User Password section, provide the password of the account required to run reports on the organization. You cannot change the Database Name or the Report Username.
12.
In the Data Retention section, select the options for retaining data on the appliance. You can retain this data for a specified number of months, Forever, or never save it (Disabled).

Option

Description

Retain Device Uptime Data

The amount of uptime data to save for devices. Device uptime data refers to the number of hours of each day that your managed devices are running. You can retain this data for a specified number of months, Forever, or never save it (Disabled).

Retain Metering Data

The number of months that metering data is retained in the KACE SMA appliance database.

Metering data is information about how applications are installed and used on the Windows and Mac devices that you manage. Metering data that is older than the selected number of months is deleted on the first day of every month. See About metering information.

Retain Uncataloged data in the Software Catalog

Whether or not to retain information about Uncataloged applications in the KACE SMA appliance database.

Uncataloged applications are executables that are in the KACE SMA inventory but that do not appear in the Software Catalog, and the KACE SMA retains information about those applications by default. For organizations with a large number of managed devices, however, retaining this data might greatly increase the size of the database. This could increase the time it takes to load pages in the Administrator Console and the time it takes to perform database backups.

Select this check box to retain data for Uncataloged software in the KACE SMA database. Clear the check box to disable data retention.

If data retention for Uncataloged software is disabled:

13.
In the Device Actions section, click Add New Action, the select the scripted actions to enable.

Device Actions are scripted actions that can be performed on managed devices. There are several pre-programmed actions available. To add your own action, select Custom Action in the Action menu, then enter the command in the Command Line text box.

The following variables are available for device actions:

KACE_HOST_IP

KACE_HOST_NAME

KACE_CUSTOM_INVENTORY_*

When device actions run, the appliance replaces variables with their appropriate values.

For KACE_CUSTOM_INVENTORY_ * replace the asterisk (*) with the name of a software application associated with a custom inventory rule. When the device action runs, the name is replaced with the custom inventory rule value for the device. Enter the software application name in uppercase characters. The allowed characters are: [A-Z0-9.-]."

If you are using Internet Explorer, you can define any valid statement to perform a task on a remote device, then assign a name to it to use the next time you want to perform that task. For example, you can enter the statement, ping.exe –t KACEHOSTIP and name it Ping. A valid statement is a maximum of 150 characters, and the name that you assign to it must be any printable character of up to 20 characters. For information about running Device Actions, see Run actions on devices.

NOTE: Most actions in the Action drop-down list require you to install additional applications for them to function. For example, using DameWare requires you to install TightVNC on your device as well as on the device you want to access.

This feature is only supported on Windows devices. If you enable ActiveX in Microsoft Internet Explorer, the device action runs using ActiveX. If ActiveX is disabled, or you want to use a different browser, the Windows device you are running the device action from must have the KACE Agent version 9.0 or later agent installed and connected.

When you initiate device through the agent, the action executable must be placed in your %PATH%. The agent is 32-bit, so on 64-bit Windows devices, use %windir%/System32 as an alias to the %windir%/Wow64 directory. If you need to run a program that's located in the %windir%/System32 directory on a 64-bit Windows system, you must use the %windir%/SysNative virtual directory. You can either add %windir%/SysNative to your %PATH% environment variable or provide a fully-qualified path by prepending %windir%/SysNative to your executable when defining your machine action.

14.
To use a custom logo in the User Console, select images in the Logo Overrides section.
NOTE: You can change the logo in the User Console only; you cannot change the logo in the Administrator Console.

Option

Description

User Console

The logo or other graphic displayed at the top of the User Console. Follow these guidelines for graphics:

To see the default login page and a customized version, see Configure appliance General Settings with the Organization component enabled.

Report

This setting controls the logo used when generating reports for the selected organization.

Upload a logo or other graphic to be displayed at the top of reports. The graphic must be 201 pixels wide by 63 pixels high as specified in the auto-generated XML layout. To use a different size, adjust the output of the XML report.

To see the default report logo and a customized version, see Configure appliance General Settings with the Organization component enabled.

If the Organization component is enabled on your appliance, you can specify different logos for the reports produced for each organization and for the System.

For information about using custom logos at the System level, see Configure appliance General Settings with the Organization component enabled.

Agent Alert

Upload a logo or graphic to be used in pop-up messages on Agent-managed devices. These pop-ups include snooze dialogs, installation progress messages, alert messages, and message windows created by scripts. After you upload a graphic, it becomes available to managed devices the next time they check in to the appliance.

Graphics for pop-up messages must be in BMP format with a maximum color depth of 256 and a size of 100 pixels wide by 38 pixels high.

To see the default alert logo and a customized version, see Configure appliance General Settings with the Organization component enabled.

You can customize Alert message text and options as well. See Adding and editing scripts.

15.
If you manage Hewlett-Packard (HP) or Lenovo devices, you can retrieve their warranty information. To do that, in the Manufacturer Warranty API Keys section, provide the HP and/or Lenovo API keys to obtain the warranty data. Lenovo requires only a key whereas HP requires both a key and a secret. These values are stored encrypted in the database.
When configured, the device warranty information appears on the Device Details page in the Inventory Information group when you select an HP or Lenovo device. For more information, see Groups and sections of items in device details.

Option

Description

Hewlett-Packard

Select this option if you want to obtain warranty information for your managed HP devices. If this option is selected and you clear it, the HP API key and secret are removed from the database.

Key

The API key for obtaining warranty information for managed HP devices.

Secret

The secret for obtaining warranty information for managed HP devices.

Lenovo

Select this option if you want to obtain warranty information for your managed Lenovo devices. If this option is selected and you clear it, the Lenovo key is removed from the database.

Key

The API key for obtaining warranty information for managed Lenovo devices.

16.
Click Save and Restart Services.

Configure appliance date and time settings

Configure appliance date and time settings

Configure appliance date and time settings in the Settings section of the Administrator Console. If the Organization component is enabled on your appliance, date and time settings are available at the System level.

It is important to keep the appliance date and time settings accurate, because many calculations are based on these settings.

1.
Go to the appliance Control Panel:
If the Organization component is enabled on the appliance, log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings.
2.
Click Date and Time Settings.
The Date and Time Settings page appears.

Option

Description

Timezone

Select a timezone in the drop-down list.

Time Setting

Select an option:

Configure Network Time Protocol. Use an Internet time server. If you select this option, provide the server web address in the Server field.
Manually configure date and time. Set the appliance clock manually. Specify the time and date in the drop-down lists. The Hour drop-down list uses a 24-hour clock format.

Server

Use an Internet time server to set the appliance time. Enter the web address of the time server in the text box. For example: time.example.com.

4.
Click Save and Reboot.

Enable Two-Factor Authentication for all users

Enable Two-Factor Authentication for all users

Two-Factor Authentication (2FA) provides stronger security for users logging into the appliance by adding an extra step to the login process. It relies on the Google Authenticator app to generate verification codes. The app generates a new six-digit code at regular intervals. When enabled, end users will be prompted for the current verification code each time they log in.

To download the Google Authenticator app, visit one of the following sites, as applicable:

You can enable 2FA access to the Administrator Console and User Console for all users in the selected organization using the Two-Factor Authentication page in the Administrator Console, as described below. Alternatively, you can enable or disable 2FA access to the Administrator Console and User Console using the System Administration Console. For more information, see Configure Two-Factor Authentication for organizations.

1.
Go to the Admin-level Two-Factor Authentication page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Two-Factor Authentication.
2.
To enable 2FA for all users in the Administrator Console, under Two-Factor Authentication for Admin Portal, select Required for all Users.
This option overwrites 2FA settings in the User Details page. When 2FA is enabled for all users on this page, it cannot be disabled for individual users on the User Details page for any users that are associated with the selected organization (if applicable).
3.
To enable 2FA for all users in the User Console, under Two-Factor Authentication for User Portal, select Required for all Users.
Documents connexes