
# Configuring Multi-factor Authentication

Enterprise digital resources should require authentication, where a user supplies their identity and evidence to prove the authenticity of that identity. Single-factor authentication is typically a simple password; however, a password can be stolen, guessed, or brute-forced with many attempts.

Therefore, we recommend MFA, where a user must supply at least two pieces of evidence: something they know (e.g., a password), something they possess (e.g., a smartphone), and/or something they are (e.g., a fingerprint).

A common practice is to install a third-party authenticator application that displays a random and constantly refreshing number or code, which the user enters for authentication. Some password managers also offer this service.

VGS is continuously looking for ways to improve security and minimize risk to our users, including for identity management. Our Identity and Access Management (IAM) system supports [WebAuthn](https://www.w3.org/TR/webauthn/) so you can easily and securely authenticate your MFA login with a single tap.

You can select which authentication method you prefer for login, including a one-time password (OTP) credential, a WebAuthn credential, or a password-less login (e.g., just WebAuthn). You can have multiple OTP devices and/or multiple WebAuthn devices. You can select which type of device to use during login, and which specific device to use.

OTP is a widely used industry standard for MFA. Its passwords (codes) have an incredibly short lifespan, and they are safer to use than SMS or other IAM solutions.

<figure><img src="https://docs.verygoodsecurity.com/~gitbook/image?url=https%3A%2F%2F2096104711-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FUreALQAfVnRMQEz110rC%252Fuploads%252Fgit-blob-9e1cf71a0e0f0ce706ef097064bc6c7861310d68%252Fvgs-otp.png%3Falt%3Dmedia&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=cb0ac53f&#x26;sv=2" alt=""><figcaption></figcaption></figure>

It is quick and easy to set up OTP. VGS makes sure that transitioning from your existing MFA solution to OTP is painless.

There are two simple steps:

* When you log into the VGS Dashboard, enable one-time password (OTP)
* Create a new password for your Dashboard

Each of these changes is followed by an email confirmation, a Dashboard notification, and a message in your customer channel.

<figure><img src="https://docs.verygoodsecurity.com/~gitbook/image?url=https%3A%2F%2F2096104711-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FUreALQAfVnRMQEz110rC%252Fuploads%252Fgit-blob-a208e5dd5e2404148c643bc7866c514fcf27a489%252Fvgs-otp2.png%3Falt%3Dmedia&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=fdc5ace8&#x26;sv=2" alt=""><figcaption></figcaption></figure>

Once you submit your credentials (username/password) and they are successfully validated, you are taken to the next factor, where you enter your OTP.

#### Forced MFA Policy

MFA is enabled automatically for all users if the corresponding requirement is set on the [organization level](/enterprise-platform/access-management/manage-users/assigning-roles-to-users.md).
