How to require two-factor authentication for Dropbox teams

Two-factor authentication adds an extra layer of protection to your team’s Dropbox accounts, making it much harder for anyone else to access an account, even if they know the password.

Dropbox team admins can require all or some team members to use two-factor authentication. You can do this through the admin console or through your identity management provider if you use single sign-on (SSO). 

How to require two-factor authentication for team member

1. Log in to dropbox.com with your admin credentials.
2. Click Admin console in the left sidebar.
3. Click Settings.
4. Click the Security tab. 
5. Under Authentication, choose Required from the dropdownto the right of Two-factor authentication.
6. Toggle the setting next to Two-factor authentication from Optional to Required.
7. Click Save.

How will required two-factor authentication affect my team?

Newly invited members will be required to enable two-factor authentication after accepting the invitation to join your team. 

Existing members will be required to enable two-factor authentication the next time they log in. Requiring two-factor authentication won't log your team member out of their devices or web sessions, and won't interrupt their workflow. Existing team members who try to connect a new computer or mobile device as their first log-in after two-factor authentication is enabled will be directed to the Dropbox website to log in (and set up two-factor authentication).

What will a team member see when setting up two-factor authentication?

When team members log in to Dropbox, they will see a Get Started prompt.

1. Team members can choose to receive verification codes via text message, or to use an authenticator app, and then click Send code.
2. Team members will next be required to verify that two-factor authentication is working— they will receive a text message to the phone number entered, or else need to enter the two-factor authentication code generated via the authenticator app.
3. Lastly, team members will receive an emergency backup code, which can be used if they ever lose their mobile phone.
   • Alternatively, team admins can reset two-factor authentication for team members as needed
4. Click Turn on 2-factor authentication.

How to add users to the exception list

If you require two-factor authentication for your team, but want to exclude certain members, you can add them to the exception list.

To do so:

1. Log in to dropbox.com with your admin credentials.
2. Click Admin console in the left sidebar.
3. Click Settings.
4. Click the Security tab. 
5. Under Authentication, click Two-factor authentication.
6. Next to Optional for specific members, click either No one added or Optional for [x] members.
7. Type the emails or names of users you would like to add.
8. Click Done.
9. Click Save.