mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
41 lines
1.6 KiB
Plaintext
41 lines
1.6 KiB
Plaintext
---
|
|
title: Multi-Factor Authentication
|
|
sidebar_position: 2
|
|
description:
|
|
Enforce multi-factor authentication with Firezone's WireGuard®-based
|
|
secure access platform.
|
|
---
|
|
|
|
# Multi-factor authentication (MFA)
|
|
|
|
You have two options for activating MFA with Firezone:
|
|
|
|
1. Enable a TOTP-based second factor for the local email/password
|
|
authentication method.
|
|
1. Configure Firezone to SSO via one of our [supported identity providers
|
|
](../#integrate-an-sso-provider) and enable MFA through the identity provider.
|
|
|
|
## MFA with Firezone
|
|
|
|
Firezone currently supports using a time-based one time password
|
|
(TOTP) as an additional factor. This is supported with the local authentication
|
|
method only; for SSO authentication we recommend enabling your provider's MFA
|
|
functionality [as described below](#mfa-with-identity-provider).
|
|
|
|
Admins can visit `/settings/account/register_mfa` in the admin portal to
|
|
generate a QR code to be scanned by your authenticator app.
|
|
|
|
Unprivileged users can visit `/user_account/register_mfa` after logging into
|
|
the user portal.
|
|
|
|
## MFA with your identity provider
|
|
|
|
Most identity providers support additional authentication factors in addition to
|
|
email/password. Consult your provider's documentation to enforce an
|
|
additional factor. We have included links to a few common providers below:
|
|
|
|
* [Okta](https://help.okta.com/en-us/Content/Topics/Security/mfa/mfa-home.htm)
|
|
* [Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks)
|
|
* [Google](https://support.google.com/a/answer/175197)
|
|
* [Onelogin](https://www.onelogin.com/getting-started/free-trial-plan/add-mfa)
|