Description
To strengthen security in response to increasingly sophisticated cyberattacks, OTP (One-Time Password) entry will be mandatory for all admin accounts starting from December 1, 2026 (Tue) 0:00 JST.
This requirement will be enforced regardless of Access Policy settings.
Therefore, if OTP is not set up, admins may be unable to log in after this change.
We strongly recommend that admins complete the necessary setup before the deadline to avoid any impact on operations.
Recently, cyberattacks have become highly sophisticated, making countermeasures against unauthorized access by third parties a critical issue.
In particular, admin accounts have powerful privileges that allow control over all user information and system settings within the organization.
If an admin’s credentials are leaked or stolen, the impact could extend beyond a single user and threaten the entire organization.
To protect your organization from such risks, we have decided to enforce OTP entry for all admin accounts at login, regardless of Access Policy settings.
The details are as follows.
Deadline
November 30, 2026 (Mon) 23:59 JST
* To avoid the risk of being unable to log in, we strongly recommend completing the setup by the above deadline.
* If the enforcement date is postponed, we will announce it in this article.
Start Date for Mandatory OTP Entry
From December 1, 2026 (Tue) 0:00 JST onward
* From this date and time, OTP entry will be required for all admin logins.
* If the enforcement date is postponed, we will announce it in this article.
1. Target Users
All users with the following roles are subject to this requirement.
- Global Admin
- Read Only Admin
- Certificate Admin
- Secure Browser Admin
- Certificate and Secure Browser Admin
2. Exceptions
There are no exceptions.
Regardless of Access Policy Group settings or the destination service, whenever login is required for these admins, OTP entry will always be required.
* OTP entry will be required in all cases where login via Access Control is necessary, such as the Access Control Administration, groupware, and integrated SSO services.
* Even if the [Skip OTP authentication] setting is set to "Never require" or "Do not require under specific conditions," OTP entry will still be required every time.
3. Experience When OTP Is Not Set Up
The experience will differ depending on whether you are using the new or old login screen.
For the New Login Screen
At the end of the authentication flow, a dedicated screen will prompt you to set up OTP.
There are two types of menus on this screen.
- ① OTP Setup Menu: Select either "Receive by email" or "OTP generator app (such as HENNGE Lock)" and complete the setup on the spot to log in.
- ② Emergency Menu: In case of emergencies such as undelivered emails, you can log in by entering an "emergency OTP" from the link on the screen.
For the Old Login Screen
An OTP entry screen will appear at the end of the login flow.
* The dedicated OTP setup screen will not appear on the old login screen.
If OTP setup (either email delivery or OTP app setup) is not complete, you can log in by entering an emergency OTP.
* Emergency OTPs can be generated and obtained from the user edit menu in the admin console.
* If an emergency OTP is not set, an error will occur and you will not be able to log in.
Requests to Admins
Especially if you are using the old login screen, you may be unable to log in if OTP is not set up in advance.
Please set up OTP for your admin account as soon as possible.
You can check the OTP setup status for admins from the "Filter" in the User List menu.
You can filter by admin role and setup status in detail.
Reference
For detailed OTP setup procedures and specifications, please refer to the following article.
[Access Control] How to Set Up OTP (One-Time Password) for Admins
Notes
If the deadline or the mandatory OTP entry start date is postponed, we will notify you in this article.
We recommend subscribing to receive notifications when this article is updated.
How to Use the Help Center PUSH Notification Feature
┗ Please subscribe to "Notice".