You're viewing documentation for the legacy version of Firezone, now End-of-Life. View the latest docs here.
Multi-Factor Authentication
You have two options for activating MFA with Firezone:
- Enable a TOTP-based second factor for the local email/password authentication method.
- Configure Firezone to SSO via one of our supported identity providers and enable MFA through the identity provider.
MFA with Firezone
Firezone currently supports using a time-based one time password (TOTP) as an additional factor. This is supported with the local authentication method only; for SSO authentication we recommend enabling your provider's MFA functionality as described below.
Admins can visit /settings/account/register_mfa
in the admin portal to
generate a QR code to be scanned by your authenticator app.
Unprivileged users can visit /user_account/register_mfa
after logging into the
user portal.
MFA with your identity provider
Most identity providers support additional authentication factors in addition to email/password. Consult your provider's documentation to enforce an additional factor. We have included links to a few common providers below: