How to enforce 2FA for your Organization
We know how important security policies are. That’s why organization owners can enforce two-factor authentication (2FA) for their members. This allows customers with increased security requirements to comply with their own policies.
Only owners of an organization will be able to enforce 2FA. Customers leveraging SAML-based SSO will bypass any 2FA enforcement. If SAML is configured in your organization, your SAML provider may already require 2FA.
1. After signing in, select Settings on the left and then select Identity & Access
Note: If SAML is configured in your organization, your SAML provider may already require 2FA.
2. Select Enable 2FA Enforcement
3. Select Yes, enforce 2FA
If you’ve enforced 2FA (as an organization owner), but do not have 2FA configured yet, you will be required to configure 2FA next time you log into the Cobalt platform.
4. All members and owners of the organization who don't meet the organization's Identity & Access requirements will receive an email. These users must configure 2FA before signing in.
5. To check which users have not enabled 2FA, select the People tab on the left. If an organization does not have SAML enabled, and a user does not have 2FA configured, you will see .
Although we don’t enforce 2FA for Pentesters or Pentest Leads, will indicate whether 2FA is not enabled.
Frequently Asked Questions:
I’m not able to log in without a 2FA code because I’ve lost or replaced my device. What should I do?
If you've lost access to your primary device, and can no longer access your 2FA code, you will not be able to log in to your account. Because 2FA adds an extra level of security to your account, you will need to follow the steps to recover your account or notify the owner of your organization. It may take some time for the owner to verify it's you.
If I enforce 2FA, will Organization and Pentest Collaborators be required to log in with 2FA?
Organization Users (owners & members) as well as Pentest Collaborators (team members) who are part of your organization will need to enable 2FA if enforced on the organization. Although we don’t enforce 2FA for Pentesters or Pentest Leads, will indicate whether 2FA is not enabled on the Collaborators tab.
When is 2FA bypassed, even if it’s enforced on the organization?
Customers leveraging SAML-based SSO, logging in with the identity provider configured with SAML, will bypass any 2FA enforcement.