# Setting Up Multifactor Authentication in Vault

## What is Multi-Factor Authentication? <a href="#what-is-multifactor-authentication" id="what-is-multifactor-authentication"></a>

**Multi-Factor Authentication (MFA)** is a security mechanism that requires two forms of identity verification before granting access:

* **First factor**: User credentials such as a username and password.
* **Second factor**: A one-time verification code generated by an authenticator app or provided via a security device.

Enforcing MFA significantly reduces the risk of unauthorized access to your Vault data by requiring something the user **knows** and something the user **has**.

***

## Enabling MFA for Your Vault Account <a href="#enabling-mfa-for-your-account" id="enabling-mfa-for-your-account"></a>

Vault administrators can enable MFA either **globally for all users** or **individually per user**.

### Global MFA Enforcement

1. Log in to your **Vault** account.
2. Navigate to **Manage Users > Users**.
3. Toggle the **MFA switch** in the header to enable MFA for all users in the account.

### Per-User MFA Enforcement

1. Navigate to **Manage Users > Users**.
2. Find the specific user in the list.
3. Enable MFA by sliding the **MFA toggle** to the right for that user.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FYE8lyeprJnG45oHhSogR%2Fimage.png?alt=media&#x26;token=3cbc45f9-f369-40c9-9eea-026d21c9b1b6" alt="MFA Toggle for Users"><figcaption></figcaption></figure>

{% hint style="info" %}
**Important Notes:**

* Enabling MFA does **not** affect users who are already logged in. MFA will be enforced at the next login.
* Users will be prompted to **register a mobile device** with an authenticator app (e.g., Google Authenticator, Salesforce Authenticator).
{% endhint %}

***

## Reset MFA <a href="#reset-mfa" id="reset-mfa"></a>

If a user loses their device or switches to a new phone, they must contact an administrator to reset their MFA setup.

### Admin Steps to Reset MFA

1. Go to **Manage Users > Users**.
2. Locate the user and click the **Reset** icon next to the MFA toggle.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FJBlrQDTSXBm1axs8pUUn%2Fimage.png?alt=media&#x26;token=7ee091a3-e0f9-4a6b-9eba-78013a445e9c" alt="Reset MFA Icon"><figcaption></figcaption></figure>

3. On the user's next login, they will be prompted to scan a **new QR code** to register their authenticator app.
