home

Mobile Endpoint Security

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Show Page Sections

Mobile Endpoint Security

The Manage Admins Module

Using Multifactor Authentication for Local Administrators

Lookout has stepped up MES security by requiring MFA (multifactor authentication) for local administrator authentication to access the MES console. After entering their username and password, local administrators must enter a one-time passcode generated by a mobile authenticator app.

While Google Authenticator is the preferred authenticator for MES, any authenticator that generates standard TOTP (time-based one time passwords) codes should work. Once set up, you must use MFA for any tenant to which you have access.

External administrators who access the console using SAML or SSO authentication from an IdP (identity provider) can only use MFA that is provided by their IdP. External admins using Intune Azure Active Directory integrations use their Intune AAD groups to assume MES administrative roles for Full Access, Restricted Access, and Read-Only Access. You created these mappings when first creating your tenant. If you need to change the AAD groups associated with each access level, contact Lookout Enterprise Support.

Set up and Use MFA

Local administrators must have a compatible authenticator app on their mobile device. When setting up your authenticator app, the console generates 12 single-use recovery codes for use if you lose or misplace your authenticator. Be ready to save the recovery codes to a safe location such as a password manager.

Follow these steps to set up and use your authenticator.

  1. Sign in with username and password.
  2. Follow the prompts to set up MFA with your authenticator app.
  3. Download the recovery codes and store them securely.
  4. Sign out then sign back in using MFA to validate success.

Recover from a Lost or Misplaced Authenticator

In cases where an administrator loses or misplaces their authenticator:

  • Authenticate using one of the 12 recovery codes issued when you registered for MFA.

  • If you accidentally delete or lose the authenticator app, an administrator can reset your MFA.

Reset MFA for an Administrator

  1. Sign in to the MES console.
  2. Navigate to System > Manage Admins.
  3. Find the affected administrator in the list.
  4. Click Reset MFA.

At the next sign-in, MES challenges the user to set up MFA.

Last updated: September 30, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.