Mandatory workspace two-factor authentication

For an added layer of security, you can require your members and guests to use two-factor authentication (2FA) when they sign in to Slack.

How 2FA works

  • Members and guests will get a verification code sent to their mobile device.
  • To sign in, they'll enter their verification code along with their password.
  • Members and guests will need access to enter a verification code sent to their mobile device each time they sign in.

Note: If you're using single sign-on (SSO), mandatory 2FA should be set up through your identity provider.


Turn on mandatory 2FA

Free, Pro, and Business+ plans

Enterprise Grid plan

Workspace Owners and Admins can make 2FA mandatory for members of their workspace:

  1. From your desktop, click your workspace name in the top left.
  2. Select Settings & administration from the menu, then click Workspace settings.
  3. Click Authentication
  4. Next to Workspace-wide two-factor authentication, click Expand.
  5. Click Activate two-factor authentication for my workspace, then enter your password.
  6. Customize the Slackbot message for your members, if you'd like.
  7. Click Activate two-factor authentication. Members will get an email and Slackbot message to help them get set up. 

    Members who don't set up 2FA within 24 hours will be signed out of Slack and prompted to set up 2FA before they can sign in again. New members will be required to set up 2FA before creating an account and signing in to Slack.

Org Owners and Admins can make 2FA mandatory for all workspaces in their Enterprise Grid org:

  1. From your desktop, click your workspace name in the top left.
  2. Select Settings & administration from the menu, then click Organization settings.
  3. Select  Security from the left sidebar, then click Security Settings.
  4. Click Turn on Mandatory 2FA.
  5. Customize the Slackbot message for your members, if you'd like.
  6. Click Turn on Mandatory 2FA. Members will get an email and a Slackbot message to help them to get set up.

    Members who don't set up 2FA within 24 hours will be signed out of Slack and prompted to set up 2FA before they can sign in again. New members will be required to set up 2FA before signing in to Slack.

Tip: Visit our Set up two-factor authentication article for step-by-step instructions for setting up 2FA for your account.

 

See who has 2FA set up

Free, Pro, and Business+ plans

Enterprise Grid plan

Workspace Owners and Admins can see which members have 2FA set up:

  1. From your desktop, click your workspace name in the top left.
  2. Select Settings & administration from the menu, then clickManage members.
  3. Select Filters in the top right.
  4. Below Authentication, check the box next to Two-factor (2FA).

Workspace Owners and Admins of workspaces in an Enterprise Grid org can see which of their members have 2FA set up:

  1. From your desktop, click your workspace name in the top left.
  2. Select Settings & administration from the menu, then click Manage members.
  3. Select Filters in the top right.
  4. Below Authentication, check the box next to Two-factor (2FA).

Note: You can only see who has 2FA enabled at the workspace level at this time.

 

Restore access for locked-out members

Free, Pro, and Business+ plans

Enterprise Grid plan

If a member gets locked out, Workspace Owners and Admins can temporarily turn off 2FA for that person. On their next sign-in attempt, they'll be prompted to set up 2FA again. Here's how to turn off 2FA for a member:

  1. From your desktop, click your workspace name in the top left.
  2. Select Settings & administration from the menu, then click Manage members.
  3. Click the  three dots icon to the right of the member's name.
  4. Choose Disable 2FA.

Note: Only the Workspace Primary Owner can turn off 2FA for Workspace Owners. Only Workspace Owners can turn off 2FA for Workspace Admins.

If a member gets locked out, Org Owners and Admins can temporarily turn off 2FA for that person. On their next sign-in attempt, they'll be prompted to set up 2FA again. Here's how to turn off 2FA for a member:
  1. From your desktop, click your workspace name in the top left.
  2. Select Settings & administration from the menu, then click Manage members.
  3. Click the  three dots icon to the right of the member's name.
  4. Choose Disable 2FA.

 

Use 2FA with single sign-on

Pro and Business+ plans

Enterprise Grid plan

Workspace Owners and Admins can set up 2FA alongside SAML single sign-on (SSO). To do so, make sure to set up 2FA with your identity provider. If you're using Google authentication with Slack, set up two-step verification with Google. 

What to expect

  • Workspace Owners must set up 2FA for themselves to keep their backup password secure. 
  • Guests must set up 2FA if they are not required to use SSO. 
  • On workspaces where SSO is optional, members can use SSO or their email address and password to sign in to Slack. These members will also be notified when workspace-wide 2FA is turned on.
  • 2FA in Slack will be turned off when a member connects, or binds, their SSO account.
In an Enterprise Grid org, Org Owners and Admins can set up 2FA alongside SAML single sign-on. To do so, make sure to set up 2FA with your identity provider. If you're using Google authentication with Slack, set up two-step verification with Google.

What to expect

  • Org Owners must set up 2FA for themselves to keep their backup password secure.
  • Members and Guests must set up 2FA if they are not required to use SSO
Who can use this feature?
  • Workspace Owners/Admins and Org Owners/Admins
  • Available on all plans