Multi-factor Authentication
Multi-factor authentication (MFA) protects CloudQuery Platform accounts with a second verification step. Individual users can enable it for themselves, or Organization Administrators can enforce it for all users. Both standard Platform users and SSO users can use multi-factor authentication.
Prerequisites
- Active CloudQuery Platform account
- Access to a mobile device or authenticator app
- Admin permissions (for organization-wide enforcement)
For Organization Administrators
View MFA adoption across organization
To see the status of individual user’s MFA, navigate to the Organization settings. In the Users tab, the MFA Status column shows each user’s status.
Enforcing MFA Organization-Wide
Enforcing multi-factor authentication for all users will terminate all active sessions and will force the users to enable the multi-factor authentication before they can continue using the Platform.
To enforce multi-factor authentication for all users, you need to have the Admin role. Navigate to the Organization settings. In the Platform settings tab scroll down to the Multi-factor Authentication section and click the Enforce Multi-factor authentication for all users toggle to enforce the policy.
Reset a user’s MFA
If a user loses access to their authenticator, Admin can reset their multi-factor authentication from the Organization settings. In the Users tab, click the actions menu on the right, and select Reset MFA.
For End Users
Configuring your multi-factor authentication app
To set up multi-factor authentication for your user account, you will need an app on your phone or in your password manager that supports TOTP protocol, such as Google Authenticator, Microsoft Authenticator, or 1Password plugin in your browser.
If you are not prompted to set up MFA by the Platform, you can opt in from Account Settings. Switch to the Multi-factor Authentication tab. You will see a QR code and an alternative text representation. Scan the QR code with your authenticator app or enter the alternative code manually.
Your authenticator will show a 6-digit code that will change every 30 seconds. Enter the code in the input below the QR code and click the Set Up MFA button.
A confirmation screen shows that MFA is now active.
If the verification code is not accepted
If the verification code is not accepted, try reloading the page and scanning the QR code again.
Make sure the date and time on your device are correct.
If you lose your authenticator
If you lose your authenticator, contact your organization administrator to reset the multi-factor authentication status and set it up again on a new device.
Next Steps
- Single Sign-On - Configure SSO for stronger authentication
- User Management - Manage users and security settings
- Audit Log - Monitor authentication events
Last updated on