Get started using the free trial

Add MFA

Use MFA for extra security

Multi-factor authentication (MFA) and two-factor authentication (2FA) add an extra layer of security to your users' accounts, drastically reducing the chances of cybercriminals gaining access to sensitive information.

There are three basic types of authentication factors: something you

  • Know – username, password, age, birthplace, or pet's name
  • Have – a device, phone, card, fob, or token
  • Are – a biometric, such as a fingerprint, eye iris, or voice pattern

You must add one or more authentication factors for your OneLogin account to use MFA. You can also create multiples of the same factor (remember to name them descriptively) for different audiences, such as partners or new business units.

Create an authentication factor

For the 30-day free trial, you’ll add a OneLogin Protect authentication factor, which is OneLogin’s free MFA application for iOS and Android.

1. Log in to your OneLogin account as an Administrator.

2. Go to Security > Authentication Factors.

3. On the Authentication Factors page, click New Auth Factor.

4. Select OneLogin Protect.

5. Click Save.

The authentication factor is listed on the Authentication Factors page.

Add the authentication factor to a user security policy

1. Go to Security > Policies.

2. Select Default Policy.

3. Go to the MFA tab.

4. In the One-time passwords section, check OTP Auth Required and OneLogin Protect.

5. In the Enforcement settings section, select which users will require OTP and when:

  • Select All users from the dropdown box. This applies to all users. Users will be prompted to set up an authentication factor during their first login attempt.
  • Select At every login.

6. Click Save.

Assign MFA security policies to a group

A OneLogin group is the ideal way of associating users with MFA security policies.

1. Log in to your OneLogin account as an administrator.

2. Click Administration on the toolbar to go to the Admin panel.

3. Go to Users > Groups.

4. Click New Group.

5. Name your group, and then select Default policy from the dropdown menu.

6. Click Save.

You can now add users to this group individually or programmatically through mapping. For more information, see Groups or Mappings.

Assign MFA security policies to individual users

You can also associate MFA security policies on a per-user basis.

1. Log in to your OneLogin Account Owner account.

2. Click Administration on the toolbar to go to the Admin panel.

3. Go to Users > Users.

4. Select yourself as a user.

5. Select the Authentication tab.

6. Under the User Security Policy dropdown, select Default policy.

7. Click Save User.

The user is now associated with the MFA policy. Be sure that your users have corresponding MFA applications installed on their devices. When a user logs in, they will be required to register their device.

Next steps

  • OneLogin's support for MFA means that your users can use redundant factors. If a factor is lost, the user can still access their OneLogin account using a different factor. For more information, see Add Multi-Factor Authentication.
  • Adaptive Authentication uses a machine learning algorithm that calculates risk to determine whether a login requires MFA. It can be a powerful way to provide both convenience for your users and increased security for your organization. For more information, see Adaptive Authentication.

If you’ve been using OneLogin’s free 30-day trial, click here to learn how to buy OneLogin.