Available for: Enterprise plan

Set up by: Company-level admin

Company administrators with an Enterprise plan can require guests and members to sign in to MURAL with two-factor authentication (2FA).

Note: Company admins can only require 2FA for members and guests who aren’t using single sign-on (SSO).


Index


What is 2FA?

2FA is a security measure that you can enforce in MURAL for your company members and/or guests. Enabling 2FA increases security by requiring a secondary device to authenticate, and helps prevent hackers from accessing members’ accounts.

Note: You can only require 2FA on MURAL’s web app, and not on desktop or mobile apps. Members can always individually enroll in 2FA from their profile page if company admins don’t require it.

The steps you’ll take to require 2FA depends on your company’s SSO configuration:

Company SSO

Member 2FA

Guest 2FA

SSO isn’t configured for your company.

Company admins can enforce 2FA for members.

Company admins can enforce 2FA for guests.

SSO is configured for your company.

You can only enable 2FA for your members directly from your identity provider. To do this, reach out to a member of the MURAL Customer Success team.

Company admins can enforce 2FA for guests.


Require 2FA for company members

Enterprise client company admins can only enforce 2FA for members in MURAL if the company isn’t using SSO.

Note: Company admins for company accounts using SSO can enforce 2FA for members using their identity provider. Contact the MURAL Customer Success team to set this up.

As a company admin, follow these steps to require 2FA for your company members:

  1. Log into MURAL as a company administrator.

  2. Click your avatar at the bottom left of the screen.

  3. Click Company dashboard.

  4. Go to the General page.

  5. Click the Require for members checkbox under the Two-factor authentication section.

  6. Select Next sign in or Immediately.

  7. Click Save changes.

Company admins can decide when the requirement will take effect. They can choose between:

Next sign-in

Members aren’t logged out immediately. Next time a member signs in, they must set up their 2FA to use MURAL.

Immediately

Company admins only have this option if they have already individually enrolled in 2FA from their profile page in MURAL.

When the company admin selects this option and clicks SAVE CHANGES, every company member (including admins) will be logged out immediately. Next time a member signs in, they must set up their 2FA to use MURAL.

Note: We don't recommend this option. It immediately kicks everyone out of their sessions and can be disruptive!

On the member's next login, they will see a prompt to set up 2FA for their MURAL account:

When they click Next, members will go through the 2FA enrollment process.

Visit this article to see how individual members set up 2FA.


Require 2FA for guests

Company administrators can require 2FA for guests.

As a company admin, follow these steps to configure 2FA for guests:

  1. Log into MURAL as a company administrator.

  2. Click your avatar at the bottom left of the screen.

  3. Click Company dashboard.

  4. Go to the General page.

  5. Click the Require for guests checkbox under the Two-factor authentication section.

  6. Click Save changes.

Once you enable the Require for guests setting, MURAL will prompt guests to set up 2FA for their account if they don't have SSO.


Troubleshoot 2FA

Can I get recovery codes?

If a member doesn’t have their mobile device or accidentally deleted their authentication app, they can use one of their backup codes to sign in. They can only use each code once. These backup codes are provided when a member first sets up 2FA. They're also available on each member’s profile page. If a member runs out of recovery codes, MURAL will send an email with the newly-generated codes.

Help! I'm locked out of my account. Now what?

If a member doesn’t have a mobile app authenticator or backup codes, they can contact support to manually disable 2FA for their account. Then, the member can reset their 2FA configuration.

Visit this article for more information on individual members setting up 2FA.

Did this answer your question?