Enforcing Multi-Factor Authentication (MFA) at Organization level

Organization owners can enforce Multi-Factor Authentication (MFA) for all team members and vendor platforms in their organization.

Enforcing 2FA for Team

To enforce 2FA for your organization, follow these steps:

  1. Go to Organization, click Settings and then the Authentication tab.

  2. Select Bugcrowd credentials.

  3. Select Yes for Require two-factor authentication.

  4. Click Save authentication settings.

    After MFA is enabled at the organization level, if a team member has not enabled their 2FA, they will be redirected to the following page when accessing the organization.

    Follow the three-step process as directed on the screen and then click Enable two-factor authentication.

    If a team member is having issues with 2FA, here are some tips to assist them:

    • If a team member is not sure whether they have 2FA enabled, you can check by going to Organization and clicking Teams to see if the green 2FA Enabled label is displayed for them. If the team member doesn't have the label, they need to enable their 2FA.
    • If a team member is not immediately directed to the 2FA setup page, they need to refresh the page to be redirected.
    • Additionally, if MFA is enabled while a team member is executing an action in the platform (for example, updating the state of a submission), the page will look like it is not responding. The team member will need to refresh the page and will then be redirected to the 2FA setup page.

Disabling 2FA for Team

  1. On the Authentication page, click Bugcrowd credentials.

  2. Select No for Require two-factor authentication.

  3. Click Save authentication settings.

Enabling Backup Codes for 2FA Configuration

An organization user can create a set of backup codes for an MFA authenticator. If the registered MFA authenticator app or device is not available, the user can use one of the backup codes, for one-time use, to access the Bugcrowd platform.

To enable backup codes, follow these steps:

  1. Click on your profile avatar, and from the drop-down options select Security.

  2. On the Two-factor authentication page, click Set up backup codes.

    The Two-factor backup codes page is displayed.

  3. Click Generate new backup codes.

    A pop-up message asking for confirmation appears.

  4. Click OK.

    The Successfully generated two factor backup codes message is displayed.

    Also, a list of codes that you can use to log in to your account is displayed.

    You can click Download to save the codes as a .txt file, click Print to save the codes as a PDF file, or click Copy to copy the codes to another file.

  5. To regenerate the backup codes, click Generate new backup codes.
