Enforce 2FA
Require all team members to authenticate with two-factor authentication (2FA) before they can access your team or organization’s data and resources. Enforce 2FA from within Netlify or your identity provider.
# Enforce 2FA from an identity provider
For the most robust security, we recommend setting up FIDO2 2FA, especially through an identity provider.
If you have already set up SAML SSO with an identity provider with Organization SSO or Team SSO, you can set up FIDO2 2FA through your identity provider. Learn more about FIDO2 2FA through your identity provider’s docs or why we recommend this.
# Enforce 2FA within Netlify
You can enforce 2FA and encourage 2FA adoption through Netlify’s enforcement policies.
# Encourage 2FA setup with a warning
To help you roll out 2FA enforcement, we recommend you send all team members a warning that they must set up 2FA soon so they don’t lose access.
This warning doesn’t disrupt any of your team members’ workflows, and you can enable this warning through Netlify’s 2FA enforcement options.
# Enforce 2FA for an organization
Only Organization Owners can enforce 2FA for an organization. Any 2FA enforcement policy set for an organization applies to all teams in that organization.
To start the 2FA enforcement process for an organization:
- If you haven’t already, enable Netlify 2FA for your Netlify user ID.
- Navigate to your Organization overview page. At the top of the page, use the organization menu to select your organization, then select Organization overview.
- Select Access & security. Next, under Two-factor Authentication, select Edit settings.
- Choose a 2FA enforcement policy:
  - None (default): no enforcement
  - Encouraged: display a banner to members who have not enabled 2FA
  - Enforced: restrict access to organization resources for those who have not enabled 2FA
# Enforce 2FA for a team
Only Team Owners can enforce 2FA for a team. Any 2FA enforcement policies set for an organization will override a specific team’s 2FA enforcement policy.
To start the 2FA enforcement process for a team:
- If you haven’t already, enable Netlify 2FA for your Netlify user ID.
- Go to and select Edit settings.
- Choose a 2FA enforcement policy:
  - None (default): no enforcement
  - Encouraged: display a banner to members who have not enabled 2FA
  - Enforced: restrict access to team resources for those who have not enabled 2FA