Multi-Factor Authentication (MFA)
Back to home
On this page
Multi-Factor Authentication (MFA) enhances security by protecting both your organization and every user account that interacts with it through SSH or the Upsun API.
When MFA is enforced within an organization, every project contributor must enable MFA on their user account so they can run Git commands, SSH into an environment, or trigger actions through the Upsun API.
Enable MFA on your user account
To access an organization that enforces MFA or any of its projects, you must enable MFA on your user account. Failure to do so results in forbidden access to the organization from the Console or API, and an error message when trying to SSH into its environments.
To enable MFA on your user account, follow these steps:
- In the Console, open the user menu (your name or profile picture).
- Click My profile
- Click Security.
- Click Set up application.
- Follow the instructions for the chosen authentication app.
- Click Verify & save.
- Refresh your SSH credentials by running
upsun login -f
in the CLI.
Enforce MFA within your organization
Feature availability and permissions
This feature is available as part of the Standard User Management add-on. To add it to your organization, administer your organization’s billing.
Only organization owners and admin users can enable MFA within an organization. However, even if you have the required permissions, you must enable MFA on your user account prior to enforcing it within the whole organization.
To enable MFA within your organization, follow these steps:
- In the Console, open the user menu (your name or profile picture).
- Click Settings.
- Click Security.
- In the MFA required area, set the Enable toggle on.
Note
Under User security settings, you can view which users in your organization have activated MFA for their user accounts.
Send email reminders
You can send email reminders to users who haven’t enabled MFA on their user account yet. To do so, follow these steps:
- In the Console, open the user menu (your name or profile picture).
- Click Settings.
- Click Security.
- In the User security settings area, find the user you want to send a reminder to.
- Click More next to that user.
- Select Remind. An email is sent to the user with instructions on how to enable MFA on their user account.
Note
You can send reminders to multiple users at once. To do so, in the User security settings user list, select the desired users by checking the boxes in front of their names. Click Remind at the top of the list to trigger the reminder emails.