mirror of
https://github.com/Infisical/infisical.git
synced 2026-05-02 03:02:03 -04:00
63 lines
2.3 KiB
Plaintext
63 lines
2.3 KiB
Plaintext
---
|
|
title: "Multi-factor Authentication"
|
|
sidebarTitle: "MFA"
|
|
description: "Learn how to secure your Infisical account with MFA."
|
|
---
|
|
|
|
MFA requires users to provide multiple forms of identification to access their account.
|
|
|
|
## Email 2FA
|
|
|
|
If 2-factor authentication is enabled in the Personal settings page, email will be used for MFA by default.
|
|
|
|
|
|
|
|
## Mobile Authenticator 2FA
|
|
|
|
You can use any mobile authenticator app (Authy, Google Authenticator, Duo, etc.) to secure your account. After registration with an authenticator, select **Mobile Authenticator** as your 2FA method.
|
|
|
|
|
|
## Entra ID / Azure AD MFA
|
|
|
|
<Note>
|
|
Before proceeding make sure you've enabled [SAML SSO for Entra ID / Azure AD](./sso/azure).
|
|
|
|
We also encourage you to have your team download and setup the
|
|
[Microsoft Authenticator App](https://www.microsoft.com/en-us/security/mobile-authenticator-app) prior to enabling MFA.
|
|
|
|
</Note>
|
|
|
|
<Steps>
|
|
<Step title="Open your Infisical Application in the Microsoft Entra Admin Center">
|
|
|
|
</Step>
|
|
<Step title="Tap on Conditional Access under the Security Tab">
|
|
|
|
</Step>
|
|
<Step title="Tap on Create New Policy from Templates">
|
|
|
|
</Step>
|
|
<Step title="Select Require MFA for All Users and Tap on Review + Create">
|
|
|
|
<Note>
|
|
By default all users except the configuring admin will be setup to require
|
|
MFA. Microsoft encourages keeping at least one admin excluded from MFA to
|
|
prevent accidental lockout.
|
|
</Note>
|
|
</Step>
|
|
<Step title="Set Policy State to Enabled and Tap on Create">
|
|
|
|
</Step>
|
|
<Step title="MFA is now Required When Accessing Infisical">
|
|
|
|
<Note>
|
|
If users have not setup MFA for Entra / Azure they will be prompted to do
|
|
so at this time.
|
|
</Note>
|
|
</Step>
|
|
</Steps>
|