Home > General Administration > Managing Dashboard Access > Recovering Access to Accounts Protected by Two Factor Authentication

Recovering Access to Accounts Protected by Two Factor Authentication

Two Factor Authentication (TFA) is an important security mechanism, and cannot be disabled by Cisco Meraki without positively identifying the account owner. There are two methods available to ensure access is not lost: a backup phone number (with SMS auth), and a list of one time codes (with Google Authenticator).

Backup phone number with SMS authentication

Cisco Meraki strongly recommends configuring a backup phone number when two factor authentication via SMS is enabled. This can be done under the Two-factor authentication section of the My profile page (found in the upper right corner of Dashboard). When a backup number is enabled, the verification code can be sent to that second number in the event access to the primary phone is lost. Without a backup number, a disabled or missing phone can prevent access to Dashboard.

One-time codes with Google Authenticator

When configuring two-factor authentication with Google Authenticator, Dashboard creates a number of one-time use codes that can be used in the event access to one or all authenticators is lost. Any one of these ten codes can be used in place of a verification code during the login process. Each of the ten codes can only be used once. We recommend that these codes are stored in a safe location, or printed and kept in a wallet. For users with access to multiple organizations, such as Managed Service Providers, a different set of backup codes is generated for each organization.

Disabling Two-Factor Authentication when locked out

The two methods above are the primary options for disabling or temporarily bypassing two factor authentication. If these methods cannot be utilized for any reason, the only alternative is to provide proof of identity after contacting Cisco Meraki Technical Support. There are two methods to request removal of SMS and Google Authentication for TFA.

Method 1:

  1. Open a case by emailing support@meraki.com
    - This email must be sent from the email address of the account TFA is to be disabled on. 
    - It must include the full name of the organization that the account resides in. 
  2. A second organization administrator must comment on the case through Dashboard granting approval to disable TFA on the account.
    - Email or phone approval is not acceptable for this. The approval must come as a comment on the case.
    - This permission can be granted only by an organization administrator with Full access.

 

Method 2:

Alternatively, if a second organization administrator with full access does not exist or is otherwise unavailable:

  1. Open a case by emailing support@meraki.com
    - This email must be sent from the email address of the account TFA is to be disabled on. 
  2. Once in communication with a Cisco Meraki Support Engineer, explain that TFA needs to be disabled for the account.
  3. Mail (not email) notarized proof of identity using a company letterhead. 
    • When this is received by support, it will then be scanned and attached to the case before TFA is disabled.
    • It is strongly recommended to send this letter with tracking, in case of postal issues.

    • This letter will contain this information:
      • Full name of the Dashboard organization
      • Full email address of the account
      • Full name that is set on the account’s profile (First Name + Last Name)
      • Case number the request is associated with
      • Copy of photo identification
      • Must be notarized
    • Unless otherwise specified by the technician, use the following address format:
      Cisco Meraki
      500 Terry A Francois Blvd
      4th Floor, C/o [TECHNICIAN'S NAME]
      ​San Francisco, CA 94158
You must to post a comment.
Last modified
17:13, 26 Aug 2016

Tags

Classifications

This page has no classifications.

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community