
Organization MFA Enforcement

Organization admins can require all users to enable Multi-Factor Authentication (MFA) for enhanced security.

Enable MFA Enforcement

Require all users in your organization to set up MFA.

curl -X PATCH https://api.entryguard.io/api/v1/organization/settings \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "mfaRequired": true
  }'

Response:

{
  "id": "880e8400-e29b-41d4-a716-446655440003",
  "name": "Acme Corp",
  "subscriptionTier": "PAID",
  "mfaRequired": true,
  "passwordMinLength": 8,
  "passwordRequireUppercase": true,
  "passwordRequireLowercase": true,
  "passwordRequireDigit": true,
  "passwordRequireSpecialChar": false,
  "passwordExpirationDays": null
}

Disable MFA Enforcement

Allow users to optionally use MFA.

curl -X PATCH https://api.entryguard.io/api/v1/organization/settings \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "mfaRequired": false
  }'

User Experience

When MFA is enforced:

  1. Existing Users: Users without MFA will be prompted to set it up on their next login
  2. New Users: Must set up MFA during their first login
  3. Locked Out: Users cannot access the system until MFA is configured

The login response will include mfaSetupRequired: true for users who need to configure MFA.

Checking Organization Settings

View your organization's MFA enforcement status:

curl https://api.entryguard.io/api/v1/organization/settings \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

The mfaRequired field indicates whether MFA is enforced for all users.
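
Because the same PATCH call that enables enforcement can also disable it, a scheduled check of the settings endpoint catches drift. The following is an added example, not EntryGuard's own code; the `ENTRYGUARD_TOKEN` environment variable, the function names and the sample inputs are assumptions made for illustration.

```python
import json
import os
import sys
import urllib.request

# Endpoint taken from the curl example on this page.
SETTINGS_URL = "https://api.entryguard.io/api/v1/organization/settings"

def fetch_settings(token, url=SETTINGS_URL, timeout=10):
    """GET the organization settings, same request as the curl command above."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def mfa_enforcement_findings(settings):
    """Return a list of findings; an empty list means enforcement is on.

    Fails closed: anything other than the JSON boolean true is a finding.
    """
    if not isinstance(settings, dict):
        return ["settings response is not a JSON object"]
    if "mfaRequired" not in settings:
        return ["mfaRequired is missing from the response"]
    value = settings["mfaRequired"]
    if value is not True:
        return [f"mfaRequired is {value!r}, expected JSON true"]
    return []

# Constructed sample inputs, modelled on the response shown earlier on this page.
SAMPLE_ENFORCED = json.loads('{"name": "Acme Corp", "mfaRequired": true}')
SAMPLE_DISABLED = json.loads('{"name": "Acme Corp", "mfaRequired": false}')

if __name__ == "__main__":
    # ENTRYGUARD_TOKEN is an assumed variable name, not defined by the page.
    token = os.environ.get("ENTRYGUARD_TOKEN")
    settings = fetch_settings(token) if token else SAMPLE_DISABLED
    findings = mfa_enforcement_findings(settings)
    for finding in findings:
        print(f"FINDING: {finding}", file=sys.stderr)
    sys.exit(1 if findings else 0)  # non-zero exit lets cron/CI alert on drift
```

Run it from a scheduler with a read-capable token; without a token it evaluates the constructed disabled sample and exits non-zero.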

Use Cases

Compliance Requirements

Many security frameworks (SOC 2, ISO 27001, etc.) require MFA for all user accounts. Enable enforcement to meet these requirements.

High-Value Resources

If your organization manages critical infrastructure, enforce MFA to reduce the risk of account compromise.

Zero-Trust Security

MFA enforcement is a key component of a zero-trust security model, ensuring that every user authenticates with at least two factors.

Admin Override

Organization admins can reset MFA for individual users if they lose access to their authenticator app. See Admin Reset Controls for details.
