Setting Up Multifactor Authentication in Vault

What is Multi-Factor Authentication?

Multi-Factor Authentication (MFA) is a security mechanism that requires two forms of identity verification before granting access:

  • First factor: User credentials such as a username and password.

  • Second factor: A one-time verification code generated by an authenticator app or provided via a security device.

Enforcing MFA significantly reduces the risk of unauthorized access to your Vault data by requiring something the user knows and something the user has.


Enabling MFA for Your Vault Account

Vault administrators can enable MFA either globally for all users or individually per user.

Global MFA Enforcement

  1. Log in to your Vault account.

  2. Navigate to Manage Users > Users.

  3. Toggle the MFA switch in the header to enable MFA for all users in the account.

Per-User MFA Enforcement

  1. Navigate to Manage Users > Users.

  2. Find the specific user in the list.

  3. Enable MFA by sliding the MFA toggle to the right for that user.

Important Notes:

  • Enabling MFA does not affect users who are already logged in. MFA will be enforced at the next login.

  • Users will be prompted to register a mobile device with an authenticator app (e.g., Google Authenticator, Salesforce Authenticator).


Reset MFA

If a user loses their device or switches to a new phone, they must contact an administrator to reset their MFA setup.

Admin Steps to Reset MFA:

  1. Go to Manage Users > Users.

  2. Locate the user and click the Reset icon next to the MFA toggle.

  3. On the user's next login, they will be prompted to scan a new QR code to register their authenticator app.
