# Setting Up Multifactor Authentication in Vault

## What is Multi-Factor Authentication? <a href="#what-is-multifactor-authentication" id="what-is-multifactor-authentication"></a>

**Multi-Factor Authentication (MFA)** is a security mechanism that requires two forms of identity verification before granting access:

* **First factor**: User credentials such as a username and password.
* **Second factor**: A one-time verification code generated by an authenticator app or provided via a security device.

Enforcing MFA significantly reduces the risk of unauthorized access to your Vault data by requiring something the user **knows** and something the user **has**.

***

## Enabling MFA for Your Vault Account <a href="#enabling-mfa-for-your-account" id="enabling-mfa-for-your-account"></a>

Vault administrators can enable MFA either **globally for all users** or **individually per user**.

### Global MFA Enforcement

1. Log in to your **Vault** account.
2. Navigate to **Manage Users > Users**.
3. Toggle the **MFA switch** in the header to enable MFA for all users in the account.

### Per-User MFA Enforcement

1. Navigate to **Manage Users > Users**.
2. Find the specific user in the list.
3. Enable MFA by sliding the **MFA toggle** to the right for that user.

<figure><img src="/files/Jic8hBEFRsGd8WwDxxM2" alt="MFA Toggle for Users"><figcaption></figcaption></figure>

{% hint style="info" %}
**Important Notes:**

* Enabling MFA does **not** affect users who are already logged in. MFA will be enforced at the next login.
* Users will be prompted to **register a mobile device** with an authenticator app (e.g., Google Authenticator, Salesforce Authenticator).
  {% endhint %}

***

## Reset MFA <a href="#reset-mfa" id="reset-mfa"></a>

If a user loses their device or switches to a new phone, they must contact an administrator to reset their MFA setup.

### Admin Steps to Reset MFA:

1. Go to **Manage Users > Users**.
2. Locate the user and click the **Reset** icon next to the MFA toggle.

<figure><img src="/files/sgVcI63wVUKU8PpqK7lK" alt="Reset MFA Icon"><figcaption></figcaption></figure>

3. On the user's next login, they will be prompted to scan a **new QR code** to register their authenticator app.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://knowledgebase.autorabit.com/product-guides/vault/getting-started/set-up-multifactor-authentication-in-vault.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.