Multi-factor authentication (MFA) can be added directly through Firezone or by adding an additional factor directly through your identity provider.
MFA with Firezone
Firezone currently supports using a time-based one time password (TOTP) as an additional factor. This is supported with the local authentication method only; for SSO authentication we recommend enabling your provider's MFA functionality as described below.
Admins can visit
/settings/account/register_mfa in the admin portal to generate
a QR code to be scanned by your authenticator app.
Unprivileged users can visit
/user_account/register_mfa after logging into
the user portal.
MFA with Identity Provider
Most identity providers support additional authentication factors in addition to email/password. Consult your provider's documentation to enforce an additional factor. We have included links to a few common providers below: