Requiring 2FA

Organization owners can enforce an org-wide two-factor authentication (2FA) policy. When it’s on, every member who signs in with a password must enroll in 2FA before they can use the platform — raising the security floor for the whole organization in one switch.

For how 2FA works for an individual user, see Two-Factor Authentication.

Only the organization owner can turn the policy on or off — this is stricter than most org settings, which any admin can change, because it sets a security policy for the entire org. Admins and members see the current state but can’t change it.

  1. Go to My Organization and find the Security section.
  2. Under Organization MFA policy, tick Require two-factor authentication for all members.

The change takes effect immediately. Members who aren’t yet enrolled will be walled off until they set up 2FA (see below). To lift the requirement, untick the same box.

When the policy is on, the next action each member who signs in with a password takes on the platform sends them to 2FA enrollment. Until they finish enrolling, they can’t reach their instances or the API — the platform holds them at the enrollment wall. As soon as they complete setup, everything works normally.

Members who sign in with Google or GitHub are unaffected. Their identity provider already supplies the second factor, so the policy doesn’t apply to them and they’re never sent to enrollment.

Members who had already enrolled in 2FA on their own notice nothing — they’re already compliant.

  • It doesn’t touch OAuth (Google/GitHub) members — there’s nothing to enroll, since their provider is the second factor.
  • It doesn’t retroactively force a re-login on active sessions beyond routing un-enrolled members to setup.
  • It isn’t a per-member setting — the policy applies org-wide. There’s no way to require 2FA for some members but not others.
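Because the change takes effect immediately, an owner may want to know in advance who will be held at the enrollment wall. The sketch below is an added example, not the platform's code: it applies the rules described above to a constructed roster, and the `Member` fields, role names and sign-in labels are assumptions rather than the platform's schema or API.

```python
from dataclasses import dataclass

OAUTH_PROVIDERS = {"google", "github"}

@dataclass(frozen=True)
class Member:
    # Hypothetical roster record; field names are assumptions for this example.
    email: str
    role: str           # "owner", "admin" or "member"
    sign_in: str        # "password", "google" or "github"
    enrolled_2fa: bool

def can_change_policy(actor: Member) -> bool:
    """Only the organization owner may turn the org MFA policy on or off."""
    return actor.role == "owner"

def status_under_policy(m: Member) -> str:
    """Classify one member as the page describes for a policy that is on."""
    if m.sign_in in OAUTH_PROVIDERS:
        return "exempt"       # the identity provider supplies the second factor
    if m.enrolled_2fa:
        return "compliant"    # already enrolled, notices nothing
    # Password sign-in (or any unrecognized method, failing closed) without 2FA.
    return "blocked"          # held at the enrollment wall until setup completes

def preview_enable(actor: Member, roster: list[Member]) -> dict[str, list[str]]:
    """Group members by what happens to them the moment the box is ticked."""
    if not can_change_policy(actor):
        raise PermissionError("only the organization owner can change the MFA policy")
    groups: dict[str, list[str]] = {"exempt": [], "compliant": [], "blocked": []}
    for m in roster:
        groups[status_under_policy(m)].append(m.email)
    return groups

# Constructed sample roster (not real accounts).
OWNER = Member("owner@example.com", "owner", "password", True)
ROSTER = [
    OWNER,
    Member("admin@example.com", "admin", "github", False),
    Member("dev@example.com", "member", "password", False),
    Member("ops@example.com", "member", "google", False),
]

if __name__ == "__main__":
    for status, emails in preview_enable(OWNER, ROSTER).items():
        print(f"{status}: {', '.join(emails) or '-'}")
```

The `blocked` group is the set of members to notify before enabling the policy, since they lose access to their instances and the API until they enroll.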