Configure two-factor authentication
User accounts can be additionally protected with two-factor authentication (2FA), and an organization owner can make this a requirement for all users.
Setting up Two-factor Authentication
To reach your user security settings page, click the user icon in the upper right corner and choose Account Settings from the menu.
Once on this page you can set-up authentication with either a TOTP-compliant application and/or an SMS-enabled phone number. Choose your preferred authentication method and enter a phone number (optional if using an application), then follow the instructions to finish the configuration. If you are using an application, you must scan a QR code to enable it; for either method, you must enter valid authentication codes to verify a successful set-up.
After you finish, the two-factor authentication settings will change to show your currently configured authentication method. You can click the "Reveal codes" link to view backup codes, or use the "Disable 2FA" button to disable two-factor authentication.
Logging in with Two-factor Authentication
After two-factor authentication has been successfully set-up you will need to enter the code from your TOTP-compliant application or from an SMS sent to your approved SMS-enabled phone number on login.
If necessary you can also use a backup code by clicking "Use a recovery code". Please remember that each backup code can only be used to log in once.
Requiring Two-factor Authentication for All Users
If you are an organization owner you can require all users within your organization to use two-factor authentication.
Click Settings in your organization to reach your organization'a settings page, then click Authentication.
Click the button "Require two-factor". Please remember that all organization owners must have two-factor authentication on before this can be set.
Requiring Two-factor Authentication for Users with HashiCorp Cloud Platform
When you require two-factor authentication for all users and have users who log in with their HashiCorp Cloud Platform Account, the required configuration for each organization member depends on their linked HashiCorp Cloud identity:
- Email: Follow the instructions in the HashiCorp Cloud MFA docs.
- GitHub: Follow the instructions in the Configuring GitHub two-factor authentication docs.
- SSO: HCP Terraform does not currently support HCP SSO accounts.