Enforce Two-Factor Authentication

Enforce 2FA for users.

As an Organization Owner, you can enforce two-factor authentication (2FA) for all users within your organization.

2FA enforcement affects users belonging to your organization, including the following roles:

Enforce 2FA

  1. Navigate to Settings > Identity & Access.
  2. Under Two-Factor Authentication, select Enforce 2FA.

  3. In the overlay that appears, select Yes, enforce 2FA to confirm.

Users who haven’t yet configured 2FA on their account get an email notification. They need to enable 2FA before signing in. For details, see steps 3–5 described in Enable Two-Factor Authentication.

As an Organization Owner who enforces 2FA, you see an overlay prompting you to enable 2FA if you haven’t already done so.

Check the 2FA Status of Users

To view the 2FA status of the user accounts within your organization, navigate to the People page. You see a yellow warning icon for a user when:

  • The user hasn’t enabled 2FA—regardless of the 2FA enforcement; and
  • Your organization doesn’t have SAML SSO configured.

We don’t enforce 2FA for Pentesters and Pentest Leads, but we display a warning icon on the Pentest Collaborators tab if they haven’t enabled 2FA.


Disable 2FA Enforcement

  1. Navigate to Settings > Identity & Access.
  2. Under Two-Factor Authentication, select Disable 2FA Enforcement.

Users within your organization are no longer required to enable 2FA. This does not disable 2FA on their accounts. We recommend that they keep using 2FA to enhance their account security.





Last modified January.01.2023