Available for: Enterprise plan
Set up by: Company-level admin
Company administrators with an Enterprise plan can require guests and members to sign in to MURAL with two-factor authentication (2FA).
Note: Company admins can only require 2FA for members and guests who aren’t using single sign-on (SSO). |
Index
What is 2FA?
2FA is a security measure that you can enforce in MURAL for your company members and/or guests. 2FA is sometimes referred to as MFA (multi-factor authentication). Enabling 2FA increases security by requiring a secondary device to authenticate, and helps prevent hackers from accessing members’ accounts.
Note: You can only require 2FA on MURAL’s web app, and not on desktop or mobile apps. Members can always individually enroll in 2FA from their profile page if company admins don’t require it. |
The steps you’ll take to require 2FA depends on your company’s SSO configuration:
Company SSO | Member 2FA | Guest 2FA |
SSO isn’t configured for your company. | Company admins can enforce 2FA for members. | Company admins can enforce 2FA for guests. |
SSO is configured for your company. | You can only enable 2FA for your members directly from your identity provider. To do this, reach out to an admin of your identity provider. | Company admins can enforce 2FA for guests. |
Require 2FA for company members
Enterprise company admins can only enforce 2FA for members in MURAL if the company isn’t using SSO.
Note: Company admins for company accounts using SSO can enforce 2FA for members using their identity provider. Contact an admin of your identity provider to set this up. |
As a company admin, follow these steps to require 2FA for your company members:
Log into MURAL as a company administrator.
Click your avatar at the bottom left of the screen.
Click Company dashboard.
Go to the General page.
Click the Require for members checkbox under the Two-factor authentication section.
Select Next sign in or Immediately.
Click Save changes.
Company admins can decide when the requirement will take effect. They can choose between:
Next sign-in | Members aren’t logged out immediately. Next time a member signs in, they must set up their 2FA to use MURAL. |
Immediately | Company admins only have this option if they have already individually enrolled in 2FA from their profile page in MURAL. When the company admin selects this option and clicks SAVE CHANGES, every company member (including admins) will be logged out immediately. Next time a member signs in, they must set up their 2FA to use MURAL.
Note: We don't recommend this option. It immediately kicks everyone out of their sessions and can be disruptive!
|
On the member's next login, they will see a prompt to set up 2FA for their MURAL account:
When they click Next, members will go through the 2FA enrollment process.
Visit this article to see how individual members set up 2FA.
Require 2FA for guests
Company administrators can require 2FA for guests.
As a company admin, follow these steps to configure 2FA for guests:
Log into MURAL as a company administrator.
Click your avatar at the bottom left of the screen.
Click Company dashboard.
Go to the General page.
Click the Require for guests checkbox under the Two-factor authentication section.
Click Save changes.
Once you enable the Require for guests setting, MURAL will prompt guests to set up 2FA for their account if they don't have SSO.
Troubleshoot 2FA
Can I get recovery codes?
If a member doesn’t have their mobile device or accidentally deleted their authentication app, they can use one of their backup codes to sign in. They can only use each code once. These backup codes are provided when a member first sets up 2FA. They're also available on each member’s profile page. If a member runs out of recovery codes, MURAL will send an email with the newly-generated codes.
Help! I'm locked out of my account. Now what?
If a member doesn’t have a mobile app authenticator or backup codes, they can contact support to manually disable 2FA for their account. Then, the member can reset their 2FA configuration.
Visit this article for more information on individual members setting up 2FA.