---
title: "Multi-Factor Authentication"
description: "Enable and manage two-factor authentication and enforcement for your organization"
---

import PangolinCloudTocCta from "/snippets/pangolin-cloud-toc-cta.mdx";

<PangolinCloudTocCta />



Pangolin supports two‑factor authentication (2FA) for Pangolin user accounts.

### Enable or Disable 2FA

- Click your profile menu (top right) to enable two‑factor authentication.
- You will need to confirm your password and code before enabling/disabling 2FA.

### Supported Methods

- **Time‑based one‑time code (TOTP)**: Use an authenticator app (e.g., 1Password, Google Authenticator).
- **Push via email**: Contact sales to enable.
- **Push via Duo**: Contact sales to enable.

### Enforcement

<Note>
Two‑factor enforcement (requiring 2FA at login) is available in [Enterprise Edition](/self-host/enterprise-edition) only.
</Note>

To enable enforcement, go to Organization Settings and toggle 2FA enforcement in the Security section.

- Enforcement is configured per organization.
- MFA enforcement only applies to internal Pangolin user accounts. This policy does not apply to accounts linked to an external identity provider.
- When enforced, users must enable 2FA before accessing the organization or its resources.
- Users without 2FA will see a prompt directing them to enable it before proceeding.