As an administrator, you can enable two-factor authentication for all users of the system via the PIM Administration Zone.

1. On the header bar, click Admin.
2. In the Search Admin Zones field at the top, enter Security Settings.
3. Click the Security Settings link that displays.
4. Under Two-factor Settings, select the Two-factor Authentication Required check box.
5. Modify any of the following settings, if required:

   Setting	Description
   Two-factor Code Grace	Enter the number of 2FA time-based codes permitted either side of the current code. The default is 1.
   Two-factor Code Lifetime	Enter the number of seconds that a generated 2FA code is valid for. When this time expires, a user must generate a new authentication code. The default is 30 seconds.
   Two-factor Setup Link Lifetime	Enter the number of minutes that 2FA setup links sent to users via email are valid for. When this time expires, a user must request 2FA setup again. The default is 5 minutes.

6. Click Save Changes.
   When users now log in to PIM, they will see an additional field on the log in screen. Users must enter a generated six-digit code from their chosen authenticator app into this field before they can log in.