Enforce MFA for your team
Require all team members to use multi-factor authentication (MFA) before accessing your cside dashboard.
Organization administrators can require multi-factor authentication (MFA) for all members of a team. When you turn on enforcement, you choose how strictly it’s applied: a persistent banner that reminds members to set up MFA, or a hard cutoff that locks them out after 14 days.
Enable MFA enforcement
- Open team settings or navigate to Team Settings > Security
- Toggle Require MFA to on
- Select an enforcement mode (see below)
- Confirm the change
This takes effect immediately for all current and future team members.
Only organization administrators can enable or disable MFA enforcement. Team-level admins can view the setting but cannot change it.
Enforcement modes
When enabling MFA enforcement, you pick one of two modes:
Banner only
Members without MFA see a persistent banner at the top of the dashboard on every login, prompting them to set up MFA. They can still access the dashboard and use all features while the banner is active. This is a good option if you want to encourage adoption without disrupting your team’s workflow.
Hard cutoff (14 days)
Members without MFA get the same banner, but after 14 days they are locked out of the dashboard entirely. On their next login after the cutoff, they must complete MFA setup before they can access anything. Use this mode when your security policy requires MFA and you need a firm deadline.
You can switch between modes at any time in Team Settings > Security. Switching to hard cutoff starts the 14-day window from the date you enable it, not from when the member was first notified.
What happens when MFA is enforced
- Members who already have MFA enabled can log in as normal, regardless of mode
- Members without MFA see a banner prompting them to set up MFA
- In hard cutoff mode, members who haven’t set up MFA after 14 days are locked out until they complete setup
- New members invited after enforcement is turned on are subject to the same mode and timeline
All enforcement changes are recorded in audit logs.
Supported MFA methods
Both MFA methods work with enforcement:
- Authenticator apps - Authy, Google Authenticator, 1Password, and other TOTP apps
- Hardware security keys - YubiKeys and other FIDO2 devices
Team members can choose either method during setup. For step-by-step instructions, see How to set up MFA.
Best practices
- Give your team a heads-up first. Share the MFA setup guide before turning enforcement on so people can get set up on their own time.
- Recommend backup methods. Having both an authenticator app and a hardware key prevents lockouts if one method is unavailable.
- Check audit logs. After enabling enforcement, use audit logs to confirm members are completing setup.