Skip to main content

Multi-Factor Authentication

Multi-factor authentication (MFA) can be added directly through Firezone or by adding an additional factor directly through your identity provider.

MFA with Firezone

Firezone currently supports using a time-based one time password (TOTP) as an additional factor. This is supported with the local authentication method only; for SSO authentication we recommend enabling your provider's MFA functionality as described below.

Admins can visit /settings/account/register_mfa in the admin portal to generate a QR code to be scanned by your authenticator app.

Unprivileged users can visit /user_account/register_mfa after logging into the user portal.

MFA with Identity Provider

Most identity providers support additional authentication factors in addition to email/password. Consult your provider's documentation to enforce an additional factor. We have included links to a few common providers below: