Enforcing Multi-Factor Authentication (MFA) at Org level

Organization owners can enforce Multi-Factor Authentication (MFA) for all team members and vendor platforms in their organization. When a team member without MFA performs a transaction, a pop-up blocks them with an appropriate message and a redirect link to the team member’s 2FA setup page.

After you enforce 2FA for team members, any team member without 2FA enabled will be redirected to their 2FA setup page. Until they enable 2FA, the team member will not be able to view any of the program or organization related pages in Crowdcontrol.

Before enabling MFA, review the Team page to see if there are team members that don’t have 2FA enabled. If a team member has 2FA enabled, then 2FA Enabled is displayed in green, as shown in the following image.

If a team member doesn’t have MFA enabled, then their platform access will be disrupted when MFA is enabled. If the team member is not immediately directed to the 2FA setup page, then they may need to refresh the page they are on, after which they will be redirected to the 2FA setup page.

Additionally, if a team member is working on a page that doesn’t need to reload or change (for example, when updating the state of a submission) at the moment MFA is enabled, then the page looks like it is not responding. The team member must refresh the page, and they will then be redirected to the 2FA setup page.

Enforcing 2FA for Team

To enforce 2FA for your organization:

  1. Go to Organization, click Settings > Authentication.

  2. Select Bugcrowd credentials.

  3. Select Yes for Require two-factor authentication.

  4. Click Save authentication settings.

After MFA is enabled at the organization level, if a team member has not enabled their 2FA, then the team member will be redirected to the following page when accessing any programs in that organization.

Follow the three-step process as directed on the screen and then click Enable two-factor authentication.

Disabling 2FA for Team

  1. On the Authentication page, click Bugcrowd credentials.

  2. Select No for Require two-factor authentication.

  3. Click Save authentication settings.
