Two-factor authentication enforcement
This feature is available to Enterprise customers.

Organization admins and owners can enforce two-factor authentication (2FA) within their organization, requiring all users to enable it.

Key benefits

- One-step enforcement: make 2FA mandatory for all users in one action.
- Reduced security risks: prevent unauthorized access and potential account takeovers.
- Locked-in protection: ensure users can't accidentally or intentionally turn off 2FA, so your security stays locked in place.

Limitations

2FA enforcement applies only to users who sign in using Make's native authentication method (email and password). If a user signs in through an external provider (e.g., Google) or an identity provider (SSO/SAML), this Make-level enforcement does not apply. In these cases, 2FA must be configured and enforced within the external provider or identity provider.

Enable 2FA enforcement in the organization

As soon as you enforce 2FA in your organization, users who haven't set up 2FA before and sign in using Make's native authentication method (email and password) will be signed out immediately.

We recommend planning 2FA enforcement ahead of time to avoid disruption:

- Schedule for off-hours, evenings, or weekends when your team isn't actively working.
- Inform your team 24-48 hours in advance; explain what's happening, and that the setup takes about 5 minutes.
- Let users save their work: make sure there's time before you enable it.

To enable 2FA enforcement in your organization:

1. In the left sidebar, click Org.
2. Click the three dots next to the organization settings.
3. Click Enforce 2FA.
4. In the next window, review the warning that all users in your organization will be signed out immediately and required to use 2FA to sign in.
5. Check the confirmation box and click Enable 2FA.

You will see a message confirming that 2FA changes have been saved.

Set up 2FA

Once 2FA enforcement is enabled, users who haven't configured 2FA before and sign in using Make's native authentication method (email and password) will be signed out immediately. Upon signing in, they will see a warning that their account now requires 2FA.

To set up 2FA, users have to:

1. Sign in using their Make email and password.
2. Scan the QR code using an authenticator app (e.g., Google Authenticator, Authy, Microsoft Authenticator, or 1Password). If scanning is not possible, click Can't scan? and manually enter the provided key into the authenticator app.
3. Enter the one-time code generated by the authenticator app along with your Make password, and click Continue.
4. Save your recovery codes. Save the provided one-time recovery passwords in a safe place. They can be used to regain access to the account with 2FA if a mobile device is lost or stolen, or the authenticator app is removed from the phone. Click Copy to clipboard to copy the one-time passwords, or click Download to save them in a .txt file. After saving, click Continue.

Users who belong to only one organization will be redirected to their Make Org page. Users who belong to multiple organizations will need to select the organization before being redirected to their Make Org page.

Check 2FA status

After enabling 2FA enforcement, organization admins and owners can see at both the organization and team levels who completed setup and who didn't.

Check 2FA status at the organization level

To check the user's 2FA status at the organization level:

1. In the left sidebar, click Org.
2. Switch to the Org users tab.
3. Click the icon in the upper right corner of the table and check the box for 2FA status.

You will see a new 2FA status column with each organization member's 2FA status.

Check 2FA status at the team level

To check the user's 2FA status at the team level:

1. In the left sidebar, click Team.
2. Switch to the Team users tab.
3. Click the icon in the upper right corner of the table and check the box for 2FA status.

You will see a new 2FA status column with each team member's 2FA status.

Disable 2FA enforcement in the organization

When 2FA enforcement is on, users can't turn off 2FA themselves. Only organization admins or owners can disable it.

To disable 2FA enforcement in your organization:

1. In the left sidebar, click Org.
2. Click the three dots next to the organization settings.
3. Click Turn off 2FA enforcement.
4. In the next window, review the warning that once 2FA enforcement is turned off, users will no longer be required to sign in with a verification code.
5. Check the confirmation box and click Turn off enforcement.

You will see a message confirming that 2FA changes have been saved.