2FA for Organization users

As admin, I have 2-factor authentication turned on, but is there a way I can verify which other org users also have that?
Can I force a user to switch to 2FA?

Currently, we do not expose the 2FA status of org members, nor do we have any mechanism in place to force members to enable it.

My initial reaction to your request was that we would not add this support for privacy concerns (Losant users could be members of other orgs, and they have their own sandbox resources, and we’d be exposing some additional information about their account) but after researching this further, there is precedent for exactly what you’re asking for here. GitHub does this, for example - displaying the 2FA status of org members and optionally requiring it to maintain membership.

So we don’t have anything on our short-term roadmap for requiring 2FA, but I do see a path to getting there. What we’d probably roll out is:

  1. Expose the 2FA status of org members to org admins. (pretty easy)
  2. Optionally require 2FA to be enabled before accepting an org invitation. (more difficult but doable; however, members could disable 2FA after acceptance of the invitation)
  3. Lock users out of the org if they disable 2FA. (this one’s a lot more work)

We’ll keep you posted if/when we implement any of these steps.

In the meantime, the closest thing to a workaround would be to enable single sign-on (SSO) for your company’s domain (assuming your company supports that), and in that case you could manage the 2FA status of your members through that. But that does come with an additional cost. If you’re interested in that, I recommend reaching out to your account manager.

Option 1 would be a good start.