Help Center
Quick Start
- Overview
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting DataSecurity Plus
- Launching DataSecurity Plus
- Configuring your solution
- Licensing details
- Applying a license
File Auditing
- About File Auditing
- Domain configuration
- File server configuration
- Failover cluster configuration
- NetApp server configuration
- Workgroup configuration
Setting up File Audit
Dashboard
Reports
Alerts
Configuration
Storage Configuration
File Analysis
- About File Analysis
- On-Demand Reports
Setting up File Analysis
Dashboard
Reports
Alerts
Configuration
Data Risk Assessment
- About Data risk assessment
Setting up Data risk assessment
Dashboard
Reports
Ownership analysis
Configuration
Endpoint DLP
- About Endpoint DLP
Setting up Endpoint DLP
Reports
Alerts
Prevention policies
Configuration
Cloud Protection
- About Cloud Protection
- Gateway Server Configuration
- Certificate Authority Configuration
- Gateway Configuration in Endpoint
- Manage Certificate Trust Store
- Threat Analytics Database
- Manage Banned Applications
- Manage Authorized Applications
- Gateway Server Failover
- Two-way SSL configuration
- Global Insight
- Application Insight
- User Insight
- Shadow Application Insight
- Banned Application Insight
- Cloud App Discovery
- Cloud Access Reports
- Application Insights
- Shadow Cloud Application Reports
- Banned Cloud Application Reports
- File Upload & Download Reports
Setting up Cloud Protection
Dashboard
Reports
Control Policies
Storage Configuration
Administrative settings
- Technician configuration
- Notification filters
- Manage agent
- Agent settings
- SIEM integration
- Business hours configuration
- Two-factor authentication
- Workgroup configuration
- Security policy
Email configuration
General settings
- Connection
- Personalize
- DataSecurity Plus Server
- Privacy Settings
- Disk utilization
- Schedule Retention Policy
Policy Configuration
Release notes
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
Troubleshooting
- HTTP communication failure
- Dormant DataEngine
- Secure Gateway server failure
- RPC communication failure
- Known issues and limitations
- Known errors and solutions
Guides
- Agent document
- How to Migrate/Move DataSecurity Plus
- How to apply SSL certificate
- How to automate DataSecurity Plus database backup
- How to set alerts in DataSecurity Plus
- How to secure your DataSecurity Plus installation
Two-factor authentication
The use of two-factor authentication (2FA) strengthens your account security by making it harder for unauthorized users to gain access because it requires users to authenticate twice during logon.
DataSecurity Plus supports the following authentication methods for 2FA:
- Email verification
- Google Authenticator
- Duo Security
Enable 2FA by following these steps:
- Open the DataSecurity Plus web console.
- Select Admin from the applications drop-down menu at the top.
- Go to Administrative Settings > Logon Settings.
- Toggle on Enable two-factor authentication.
- Configure one or more of the following authentication methods:
- Email Verification
- Google Authenticator
- Duo Security
- Use the Enrolled Users link in the bottom-right corner of the table to view and manage the users enrolled in 2FA.
Best practices
Use a backup verification code to log on when you do not have access to your mobile device or face issues with certain authentication methods. Find the steps to do that here.
Note: When 2FA is enabled, all technicians must authenticate twice before logging on to DataSecurity Plus. However, the default admin account will have provisions to skip the second verification method during logon. DataSecurity Plus does not provide the option to mandate the second verification method for the default admin account.
Configuring the email verification method
If email verification is chosen, users will need to use the security code generated via email as the second verification during the logon process.
Prerequisite: To configure email verification as an authentication method, email server settings have to be configured beforehand. Find the steps to configure an email server here.
Enable email verification by following these steps:
- Select Admin from the applications drop-down menu at the top.
- Go to Administrative Settings > Logon Settings and toggle on Enable two-factor authentication.
- Under Email Verification, select the Enable Email Verification check box.
- Add the email Subject and Message using macros.
- Click Save.
Note: A test email will be generated by DataSecurity Plus as soon as 2FA is configured using email verification. Check the email and make necessary changes to the settings if required.
Configuring the Google Authenticator verification method
If Google Authenticator is chosen, users will need to use the security code generated by the Google Authenticator mobile application as the second verification during the logon process.
Prerequisite: To configure Google Authenticator as an authentication method, download and install Google Authenticator on your mobile device from Google's website. Find the mobile devices supported by the Google Authenticator application here.
Enable Google Authenticator verification by following these steps:
- Select Admin from the applications drop-down menu at the top.
- Go to Administrative Settings > Logon Settings and toggle on Enable two-factor authentication.
- Under Google Authenticator, click the Enable Google Authenticator button.
- Click Save.
Log on to DataSecurity Plus for the first time via Google Authenticator by following these steps:
- Open the DataSecurity Plus web console.
- Enter the appropriate user credentials.
- Select Google Authenticator as the preferred second verification method.
- Scan the QR code displayed using your Google Authenticator mobile application to create a separate account for DataSecurity Plus.
- A secret code will be displayed. Enter the secret code generated on your mobile device into the DataSecurity Plus web console to log on.
Configuring the Duo Security verification method
If Duo Security is chosen, users will need to use the security code generated by the Duo Security mobile application as the second verification during the logon process.
Prerequisites:
- To configure Duo Security as an authentication method, download and install the Duo Security application on your mobile device from Google Play.
- Retrieve the security details required for configuring it as a verification method from the Duo Security application by following these steps:
- Log on to the Duo Security application using your Duo Security credentials.
- Go to the Applications section on the left pane and click Protect an Application.
- Under Application, select Web SDK and click Protect.
- Copy the Integration key, Secret key, and API hostname.
Enable Duo Security verification by following these steps:
- Select Admin from the applications drop-down menu at the top.
- Go to Administrative Settings > Logon Settings and toggle on Enable two-factor authentication.
- Under Duo Security, select the Enable Duo Security check box.
- Fill in the Integration Key, Secret Key, and API Host Name retrieved from the Duo Security application.
- Choose the appropriate Username Pattern.
- Click Save.
Note: If an enrolled user is deleted in Duo, it is also mandatory to remove the user's enrollment in DataSecurity Plus.
Managing authentication modes
In DataSecurity Plus, users can configure multiple second verification modes to assist with their logons. In such cases, during their first logon after enabling 2FA, users will be asked to choose the verification method they want from the methods already configured.
Users can also change their preferred authentication method that they want to use by default during every logon by following these steps:
- Click the drop-down next to your profile picture in the top-right corner of the window.
- Go to Two-Factor Authentication > Modify Authentication mode.
- Choose the authentication method you prefer.
- Complete the initial verification for the chosen authentication method.
From now on, the user will be redirected to their chosen second verification mode during logon.
Users will be unable to change their preferred authentication mode without logging on. In cases where the user has issues with obtaining a security code via their preferred authentication method and also does not have a valid backup verification code available, they will have to contact the admin to reset their second authentication mode. Only then will they be able to log on.
Admins can reset the second authentication mode for users by following these steps:
- Open the DataSecurity Plus web console.
- Select Admin from the applications drop-down menu at the top.
- Go to Administrative Settings > Logon Settings.
- Use the Enrolled Users link in the bottom-right corner of the table.
- Select the user whose second authentication method you want to reset and click the delete icon.
- Click Save.
Using backup verification codes
A backup verification code can be used to log on when a user cannot access their mobile phone or has issues retrieving their security codes. It is advisable to maintain a copy of the backup verification codes in a safe, secure location.
Prerequisite: To set up backup verification codes, at least one 2FA method must have been successfully configured. Find the list of the available second verification methods and the relevant steps here.
Enable the use of backup verification codes by following these steps:
- Select Admin from the applications drop-down menu at the top.
- Go to Administrative Settings > Logon Settings.
- Toggle on Enable two-factor authentication.
- Select the Backup Verification Code check box.
Generate new backup verification codes by following these steps:
- Click the drop-down next to your profile picture in the top-right corner of the window.
- Go to Two-Factor Authentication > Manage Backup Verification Codes. This will open the Manage Backup Verification Codes window, which will list the backup verification codes.
- Users can download the codes as a text file, print them, or send them in an email. It is vital to store the copies of the backup codes in a secure location.
- Click Save.
Note: Each backup verification code can be used only once to log on. Generate a new set of codes when you exhaust the current list.