Organizations > Security

Requiring 2FA for Your Organization

Updated

Turning on Require two-factor authentication makes 2FA mandatory for every member of the organization. New invites can't be accepted until the invitee enrolls. Existing members without 2FA get blocked from the organization until they enroll too.

This is one of the highest-impact security settings in the portal. If a teammate's password leaks, 2FA is what stops the attacker from getting in.

Before you start

  • You need to be an owner or admin of the organization. Other roles can't see the Security tab.
  • You need 2FA enabled on your own account before you can turn the requirement on for everyone else. If you don't have it yet, the toggle will pop open an enrollment dialog first - see Setting up 2FA for the walkthrough.
  • All current members without 2FA will lose access to this organization until they enroll. Give them a heads-up before flipping the switch.
  1. In the sidebar on the left, find the Organization section.
  2. Click Security under it. The Organization Security page opens.
CleanShot 2026-06-08 at 11.29.03@2x.png

2. Turn the toggle on

  1. Click the toggle on the right of the Require two-factor authentication card.
CleanShot 2026-06-08 at 11.30.04@2x.png
  1. One of two things happens, depending on whether you have 2FA on your own account yet:
  • If you already have 2FA enabled, the setting saves right away. The card description updates to confirm the policy is on, and a green toast appears: 2FA is now required for this organization.
  • If you don't have 2FA yet, an enrollment dialog opens before anything saves. Complete 2FA setup as usual (scan the QR code, enter the verification code, save your backup codes). The moment you finish, the requirement turns on automatically.
CleanShot 2026-06-08 at 11.30.37@2x.png

What changes from here

For members with 2FA already enabled - nothing changes for them. They keep working as before.

For members without 2FA:

  • Pending invitations to this organization can't be accepted. The invite row shows a 2FA required badge so the invitee knows what's blocking them.
  • Existing members get redirected to a 2FA setup screen the next time they make any request inside this organization. They can't switch into it, view resources, or take any action until they enroll.
  • They can still use the portal for any other organization they belong to that doesn't require 2FA. The lockout only applies to this organization.

You'll also notice a lock icon appears next to this organization in the org switcher, both for you and for anyone else who can see it. That's the visual cue that 2FA is required.

Turning it off

If you need to remove the requirement later:

  1. Go back to Organization  > Security.

CleanShot 2026-06-08 at 11.31.33@2x.png
  1. Click the same toggle. This time it's already on, so clicking flips it toward off.

CleanShot 2026-06-08 at 11.32.18@2x.png
  1. A confirmation dialog opens: Members of [org name] will no longer be required to have two-factor authentication. Existing accounts without 2FA will regain access.
  1. Slide the Slide to disable rail to the right to confirm.

CleanShot 2026-06-08 at 11.34.32@2x.png
  1. The policy is removed. Any members who were locked out can sign in to this organization again, and the lock icon disappears from the switcher.

Turning the requirement off does not turn off 2FA on anyone's account. It only removes the requirement. Each member's 2FA setup stays exactly as they configured it.

Requiring 2FA for Your Organization — Docs | Synteq