MFA requires users to provide multiple forms of identification to access their account.

Email 2FA

If 2-factor authentication is enabled in the Personal settings page, email will be used for MFA by default.

Mobile Authenticator 2FA

You can use any mobile authenticator app (Authy, Google Authenticator, Duo, etc.) to secure your account. After registration with an authenticator, select Mobile Authenticator as your 2FA method.

Entra ID / Azure AD MFA

Before proceeding make sure you’ve enabled SAML SSO for Entra ID / Azure AD.

We also encourage you to have your team download and setup the Microsoft Authenticator App prior to enabling MFA.

1

Open your Infisical Application in the Microsoft Entra Admin Center

2

Tap on Conditional Access under the Security Tab

3

Tap on Create New Policy from Templates

4

Select Require MFA for All Users and Tap on Review + Create

By default all users except the configuring admin will be setup to require MFA. Microsoft encourages keeping at least one admin excluded from MFA to prevent accidental lockout.

5

Set Policy State to Enabled and Tap on Create

6

MFA is now Required When Accessing Infisical

If users have not setup MFA for Entra / Azure they will be prompted to do so at this time.

Was this page helpful?

GitLabOverview