You have two options for activating MFA with Firezone:
- Enable a TOTP-based second factor for the local email/password authentication method.
- Configure Firezone to use SSO via one of our supported identity providers and enable MFA through the identity provider.
MFA with Firezone
Firezone currently supports using a time-based one-time password (TOTP) as an additional factor. This is supported with the local authentication method only; for SSO authentication we recommend enabling your provider's MFA functionality as described below.
Admins can visit /settings/account/register_mfa in the admin portal to generate a QR code to be scanned by your authenticator app.
Unprivileged users can visit /user_account/register_mfa after logging into the user portal.
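To show what the scanned QR code carries and what a server checks at login, here is an added example (not Firezone's code) of standard RFC 6238 TOTP with SHA-1, 6 digits and a 30-second step. The issuer, account name, drift window and replay tracking are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by most authenticator apps


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 code for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """otpauth:// URI that a registration QR code encodes."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    params = urlencode({"secret": b32, "issuer": issuer,
                        "algorithm": "SHA1", "digits": DIGITS, "period": STEP})
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{params}"


def verify(secret: bytes, submitted: str, unix_time: int,
           last_used_step: int = -1, window: int = 1):
    """Return the matched time step, or None if the code is rejected.

    window tolerates clock drift of +/- that many steps. A code from a step
    at or before last_used_step is refused, so a captured code cannot be
    replayed. The caller stores the returned step per user.
    """
    current = unix_time // STEP
    matched = None
    for step_no in range(current - window, current + window + 1):
        expected = totp(secret, step_no * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            if step_no > last_used_step:
                matched = step_no
    return matched


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"   # RFC 6238 test secret, not a real key
    print(provisioning_uri(demo_secret, "admin@example.com", "Example"))
    print(totp(demo_secret, 59), verify(demo_secret, totp(demo_secret, 59), 59))
```

The shared secret is visible in the QR code, so the registration page should be treated like a password reset: shown once, over TLS, to an already authenticated session.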
MFA with Identity Provider
Most identity providers support additional authentication factors in addition to email/password. Consult your provider's documentation to enforce an additional factor. We have included links to a few common providers below: