From fc4c86f0c58ae2ace06a6017bf24cd49187a60e3 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 30 Jun 2025 12:16:32 +0100 Subject: [PATCH 01/18] MFA --- modules/ROOT/content-nav.adoc | 2 + modules/ROOT/pages/security/mfa.adoc | 65 ++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 modules/ROOT/pages/security/mfa.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index c640c7f0d..174fe014a 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -121,11 +121,13 @@ Generic Start ** xref:logging/log-downloads.adoc[Download logs] * Security +** xref:security/mfa.adoc[Multi-Factor Authentication] ** xref:security/single-sign-on.adoc[Single sign-on] ** xref:security/secure-connections.adoc[Secure connections] ** xref:security/encryption.adoc[Encryption] ** xref:security/tool-auth.adoc[Tool authentication with Aura user] + * xref:user-management.adoc[User management] * xref:billing.adoc[Billing] diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc new file mode 100644 index 000000000..1dc86a071 --- /dev/null +++ b/modules/ROOT/pages/security/mfa.adoc @@ -0,0 +1,65 @@ += Multi-Factor Authentication + +Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j Aura account by requiring a one-time passcode (OTP) in addition to your password. + +There's two scenarios for MFA: + +* Individual users can enable MFA for their own accounts (e.g. if you have a personal Neo4j Aura account) +* Organization administrators can enable MFA for an entire organization, then it's mandatory for all members to go through the MFA setup + +Use any of the following apps to generate one-time codes: + +* Authy +* Google Authenticator +* Auth0 Guardian +* Microsoft Authenticator + +== Enable MFA as a user via account settings + +[IMPORTANT] +==== +To enable MFA, you must log in using email and password, not Google login or SSO. +==== + +. Log in to the Aura Console using your email/password. +. Go to *Account > Settings > Preferences > Security*. +. In the *Multi-Factor Authentication (MFA)* section toggle *MFA ON*. +. You will be logged out automatically. +. Log back in with your email and password. +. A setup modal appears with a QR code. +. Open your authenticator app and *scan the QR code*. +. Enter the *one-time code* from the app to verify. +. *Save your recovery code* somewhere secure. + +== Enable MFA for your organization (Admins) + +* `Organization Owners` or `Organization Admins` can enable MFA that applies to all members of the organization. +* Members must log in using email and password. MFA setup is not supported for accounts authenticated through SSO or Google OAuth. + +=== To require MFA for all organization members: + +. Go to *Account > Settings > Preferences > Security*. +. In the *Multi-Factor Authentication (MFA)* section toggle *Enable*. + +==== Member steps to complete MFA setup: + +. Organization members will see the message, "_Your organization has required Multi Factor Authentication (MFA). Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._" +. They need to click on"Enable" to be logged out and on login will be presented with: +. A setup modal appears with a QR code. +. Open their authenticator app and scan the QR code. +. Enter the one-time code from the app to verify. +. Save their recovery code somewhere secure. + + + + + + + + + + + + + + From 249b224b12741fec6e477d95f057c66566672882 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 30 Jun 2025 12:45:59 +0100 Subject: [PATCH 02/18] edit --- modules/ROOT/pages/security/mfa.adoc | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index 1dc86a071..a9e47a2e1 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -4,8 +4,8 @@ Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j There's two scenarios for MFA: -* Individual users can enable MFA for their own accounts (e.g. if you have a personal Neo4j Aura account) -* Organization administrators can enable MFA for an entire organization, then it's mandatory for all members to go through the MFA setup +* Scenario 1: Individual users can enable MFA for their own accounts. +* Scenario 2: Organization administrators can enable MFA for an entire organization, then it's mandatory for all members to go through the MFA setup. Use any of the following apps to generate one-time codes: @@ -14,7 +14,7 @@ Use any of the following apps to generate one-time codes: * Auth0 Guardian * Microsoft Authenticator -== Enable MFA as a user via account settings +== Scenario 1. Enable MFA as a user via account settings [IMPORTANT] ==== @@ -23,15 +23,15 @@ To enable MFA, you must log in using email and password, not Google login or SSO . Log in to the Aura Console using your email/password. . Go to *Account > Settings > Preferences > Security*. -. In the *Multi-Factor Authentication (MFA)* section toggle *MFA ON*. +. In the *Multi-Factor Authentication (MFA)* section select *Enable*. . You will be logged out automatically. . Log back in with your email and password. . A setup modal appears with a QR code. -. Open your authenticator app and *scan the QR code*. +. Scan the QR code. . Enter the *one-time code* from the app to verify. . *Save your recovery code* somewhere secure. -== Enable MFA for your organization (Admins) +== Scenario 2. Enable MFA for an organization * `Organization Owners` or `Organization Admins` can enable MFA that applies to all members of the organization. * Members must log in using email and password. MFA setup is not supported for accounts authenticated through SSO or Google OAuth. @@ -44,11 +44,13 @@ To enable MFA, you must log in using email and password, not Google login or SSO ==== Member steps to complete MFA setup: . Organization members will see the message, "_Your organization has required Multi Factor Authentication (MFA). Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._" -. They need to click on"Enable" to be logged out and on login will be presented with: +. They click Enable. +. Are logged out automatically. +. Log back in using their email and password. . A setup modal appears with a QR code. -. Open their authenticator app and scan the QR code. +. Using their authenticator app, they scan the QR code. . Enter the one-time code from the app to verify. -. Save their recovery code somewhere secure. +. Save the recovery code somewhere secure. From a15b89a6a29a89e3ee15505074ad282a3b4cf9c9 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 30 Jun 2025 15:17:24 +0100 Subject: [PATCH 03/18] update --- modules/ROOT/pages/security/mfa.adoc | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index a9e47a2e1..65097ec60 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -1,19 +1,13 @@ = Multi-Factor Authentication -Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j Aura account by requiring a one-time passcode (OTP) in addition to your password. +Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j Aura account by requiring a one-time passcode (OTP) in addition to your password. +To generate the one-time passcode use an authenticator app, such as Google Authenticator. There's two scenarios for MFA: * Scenario 1: Individual users can enable MFA for their own accounts. * Scenario 2: Organization administrators can enable MFA for an entire organization, then it's mandatory for all members to go through the MFA setup. -Use any of the following apps to generate one-time codes: - -* Authy -* Google Authenticator -* Auth0 Guardian -* Microsoft Authenticator - == Scenario 1. Enable MFA as a user via account settings [IMPORTANT] @@ -28,7 +22,7 @@ To enable MFA, you must log in using email and password, not Google login or SSO . Log back in with your email and password. . A setup modal appears with a QR code. . Scan the QR code. -. Enter the *one-time code* from the app to verify. +. Enter the *one-time code* from the authenticator app. . *Save your recovery code* somewhere secure. == Scenario 2. Enable MFA for an organization @@ -49,7 +43,7 @@ To enable MFA, you must log in using email and password, not Google login or SSO . Log back in using their email and password. . A setup modal appears with a QR code. . Using their authenticator app, they scan the QR code. -. Enter the one-time code from the app to verify. +. Enter the one-time code from the authenticator app. . Save the recovery code somewhere secure. From f858f7881499e3cd2831bfca3b16a3ef976d772a Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 30 Jun 2025 15:30:01 +0100 Subject: [PATCH 04/18] update --- modules/ROOT/pages/security/mfa.adoc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index 65097ec60..a3a4ff08c 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -1,7 +1,7 @@ = Multi-Factor Authentication -Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j Aura account by requiring a one-time passcode (OTP) in addition to your password. -To generate the one-time passcode use an authenticator app, such as Google Authenticator. +Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j Aura account by requiring a verification code in addition to your password. +To generate the verification code use an authenticator app, such as Google Authenticator. There's two scenarios for MFA: @@ -22,8 +22,8 @@ To enable MFA, you must log in using email and password, not Google login or SSO . Log back in with your email and password. . A setup modal appears with a QR code. . Scan the QR code. -. Enter the *one-time code* from the authenticator app. -. *Save your recovery code* somewhere secure. +. Enter the verification code from the authenticator app. +. Save your recovery code somewhere secure. == Scenario 2. Enable MFA for an organization @@ -33,7 +33,7 @@ To enable MFA, you must log in using email and password, not Google login or SSO === To require MFA for all organization members: . Go to *Account > Settings > Preferences > Security*. -. In the *Multi-Factor Authentication (MFA)* section toggle *Enable*. +. In the *Multi-Factor Authentication (MFA)* section select *Enable*. ==== Member steps to complete MFA setup: @@ -43,7 +43,7 @@ To enable MFA, you must log in using email and password, not Google login or SSO . Log back in using their email and password. . A setup modal appears with a QR code. . Using their authenticator app, they scan the QR code. -. Enter the one-time code from the authenticator app. +. Enter the verification code from the authenticator app. . Save the recovery code somewhere secure. From 77a73ec3c62b523a22ea8c55f5f491210ef1adc6 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 30 Jun 2025 15:34:55 +0100 Subject: [PATCH 05/18] Update mfa.adoc --- modules/ROOT/pages/security/mfa.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index a3a4ff08c..6d88a5181 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -38,7 +38,7 @@ To enable MFA, you must log in using email and password, not Google login or SSO ==== Member steps to complete MFA setup: . Organization members will see the message, "_Your organization has required Multi Factor Authentication (MFA). Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._" -. They click Enable. +. They click *Enable*. . Are logged out automatically. . Log back in using their email and password. . A setup modal appears with a QR code. From c4fdf5fb5135a6f45d810506a393ef39d00cdee6 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 30 Jun 2025 15:35:13 +0100 Subject: [PATCH 06/18] Update mfa.adoc --- modules/ROOT/pages/security/mfa.adoc | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index 6d88a5181..ca2aa14f5 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -45,17 +45,3 @@ To enable MFA, you must log in using email and password, not Google login or SSO . Using their authenticator app, they scan the QR code. . Enter the verification code from the authenticator app. . Save the recovery code somewhere secure. - - - - - - - - - - - - - - From c9cc8383552eab795a7212a63efbcc9ff131721d Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 30 Jun 2025 16:52:29 +0100 Subject: [PATCH 07/18] Apply suggestions from code review Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/mfa.adoc | 42 ++++++++++++++-------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index ca2aa14f5..9b80e5c36 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -1,47 +1,47 @@ = Multi-Factor Authentication Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j Aura account by requiring a verification code in addition to your password. -To generate the verification code use an authenticator app, such as Google Authenticator. +The verification code is generated using an authenticator app such as Google Authenticator. -There's two scenarios for MFA: +There are two scenarios for MFA: -* Scenario 1: Individual users can enable MFA for their own accounts. -* Scenario 2: Organization administrators can enable MFA for an entire organization, then it's mandatory for all members to go through the MFA setup. +* Individual users can enable MFA for their own accounts. +* Organization administrators can enable MFA for an entire organization, then it's mandatory for all members to go through the MFA setup. -== Scenario 1. Enable MFA as a user via account settings +== Enable MFA as a user via account settings [IMPORTANT] ==== -To enable MFA, you must log in using email and password, not Google login or SSO. +To enable MFA, you must log in using email and password, not using any SSO. ==== . Log in to the Aura Console using your email/password. . Go to *Account > Settings > Preferences > Security*. -. In the *Multi-Factor Authentication (MFA)* section select *Enable*. -. You will be logged out automatically. +. Enable *Multi-Factor Authentication (MFA)*. +This automatically logs you out. . Log back in with your email and password. -. A setup modal appears with a QR code. -. Scan the QR code. +. Scan the QR code in the setup modal. . Enter the verification code from the authenticator app. . Save your recovery code somewhere secure. -== Scenario 2. Enable MFA for an organization +== Enable MFA for an organization +Enabling MFA for all members of an organization consists of two parts: * `Organization Owners` or `Organization Admins` can enable MFA that applies to all members of the organization. -* Members must log in using email and password. MFA setup is not supported for accounts authenticated through SSO or Google OAuth. +* * Organization members complete the setup on their end with an authenticator app of their choice. -=== To require MFA for all organization members: +For organization owner or organization admin to enable MFA for their organization: . Go to *Account > Settings > Preferences > Security*. -. In the *Multi-Factor Authentication (MFA)* section select *Enable*. +. Enable *Multi-Factor Authentication (MFA)*. -==== Member steps to complete MFA setup: -. Organization members will see the message, "_Your organization has required Multi Factor Authentication (MFA). Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._" -. They click *Enable*. -. Are logged out automatically. -. Log back in using their email and password. -. A setup modal appears with a QR code. -. Using their authenticator app, they scan the QR code. +Once MFA has been enabled on the organization level, as an *organization member*, you need to complete the setup on your end. +Next time they log in, they will see the message, "_Your organization has required Multi Factor Authentication (MFA). +Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._" + +. Once you click *Enable*, you are logged out automatically. +. Log back in using your email and password, SSO is not supported for MFA setup. +. Use your authenticator app to scan the QR code in the setup modal. . Enter the verification code from the authenticator app. . Save the recovery code somewhere secure. From 96850f3f450f119a84690012639bb979f6ac3e1b Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Tue, 1 Jul 2025 11:08:30 +0100 Subject: [PATCH 08/18] update --- modules/ROOT/content-nav.adoc | 2 +- modules/ROOT/pages/security/mfa.adoc | 30 +++++++++++++++------------- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 174fe014a..a3deb37ec 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -121,7 +121,7 @@ Generic Start ** xref:logging/log-downloads.adoc[Download logs] * Security -** xref:security/mfa.adoc[Multi-Factor Authentication] +** xref:security/mfa.adoc[Multi-factor authentication] ** xref:security/single-sign-on.adoc[Single sign-on] ** xref:security/secure-connections.adoc[Secure connections] ** xref:security/encryption.adoc[Encryption] diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index 9b80e5c36..9844c2406 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -1,47 +1,49 @@ = Multi-Factor Authentication Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j Aura account by requiring a verification code in addition to your password. -The verification code is generated using an authenticator app such as Google Authenticator. +The verification code is generated using any authenticator app, such as Google Authenticator. There are two scenarios for MFA: * Individual users can enable MFA for their own accounts. * Organization administrators can enable MFA for an entire organization, then it's mandatory for all members to go through the MFA setup. -== Enable MFA as a user via account settings - [IMPORTANT] ==== -To enable MFA, you must log in using email and password, not using any SSO. +To enable MFA, you must log in using email and password, not using any SSO or Google Sign-In. ==== + + +== Enable MFA as a user via account settings . Log in to the Aura Console using your email/password. -. Go to *Account > Settings > Preferences > Security*. +. Select your avatar to access *Account > Settings > Preferences > Security*. . Enable *Multi-Factor Authentication (MFA)*. This automatically logs you out. . Log back in with your email and password. +. Enter the one-time password sent to your email account. . Scan the QR code in the setup modal. . Enter the verification code from the authenticator app. . Save your recovery code somewhere secure. == Enable MFA for an organization -Enabling MFA for all members of an organization consists of two parts: - -* `Organization Owners` or `Organization Admins` can enable MFA that applies to all members of the organization. -* * Organization members complete the setup on their end with an authenticator app of their choice. -For organization owner or organization admin to enable MFA for their organization: +`Organization Owners` or `Organization Admins` can require all members of an organization to set up MFA. +Then each organization member will be prompted to complete the setup, with an authenticator app of their choice. + +To enable MFA setup for an organization: . Go to *Account > Settings > Preferences > Security*. . Enable *Multi-Factor Authentication (MFA)*. +Once MFA has been enabled on the organization level, all *organization members* need to complete the setup. -Once MFA has been enabled on the organization level, as an *organization member*, you need to complete the setup on your end. -Next time they log in, they will see the message, "_Your organization has required Multi Factor Authentication (MFA). +The following message is shown, "_Your organization has required Multi Factor Authentication (MFA). Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._" . Once you click *Enable*, you are logged out automatically. -. Log back in using your email and password, SSO is not supported for MFA setup. +. Log back in using your email and password, +. Enter the one-time password sent to your email account. . Use your authenticator app to scan the QR code in the setup modal. . Enter the verification code from the authenticator app. -. Save the recovery code somewhere secure. +. Save your recovery code somewhere secure. From 91d247f849c883845ed6662682efa851a91dbfc5 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Tue, 1 Jul 2025 11:32:12 +0100 Subject: [PATCH 09/18] update --- modules/ROOT/pages/security/mfa.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index 9844c2406..e0b60c28c 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -28,12 +28,12 @@ This automatically logs you out. == Enable MFA for an organization -`Organization Owners` or `Organization Admins` can require all members of an organization to set up MFA. +`Organization Owners` or `Organization Admins` can require all members of an organization to set up MFA from organization level security settings. Then each organization member will be prompted to complete the setup, with an authenticator app of their choice. -To enable MFA setup for an organization: +To require MFA setup for an organization: -. Go to *Account > Settings > Preferences > Security*. +. Go to *Organization Settings > Security & Networking > App MFA (Multi-Factor Authentication)*. . Enable *Multi-Factor Authentication (MFA)*. Once MFA has been enabled on the organization level, all *organization members* need to complete the setup. From e02d7748dcf7226b195fbe8c2bd75fee6b87e322 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Tue, 1 Jul 2025 11:39:36 +0100 Subject: [PATCH 10/18] great --- modules/ROOT/pages/security/mfa.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index e0b60c28c..d0d0f75e7 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -36,9 +36,10 @@ To require MFA setup for an organization: . Go to *Organization Settings > Security & Networking > App MFA (Multi-Factor Authentication)*. . Enable *Multi-Factor Authentication (MFA)*. -Once MFA has been enabled on the organization level, all *organization members* need to complete the setup. +After MFA is enabled at the organization level, all members will see the following message in the console: -The following message is shown, "_Your organization has required Multi Factor Authentication (MFA). +[quote] +"_Your organization has required Multi Factor Authentication (MFA). Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._" . Once you click *Enable*, you are logged out automatically. From e6c4c0a99254d40d0a685c7747ce7f83dc8a335a Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Tue, 1 Jul 2025 14:26:40 +0100 Subject: [PATCH 11/18] update --- modules/ROOT/pages/security/mfa.adoc | 36 +++++++++++++--------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index d0d0f75e7..cfe5221eb 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -1,37 +1,31 @@ = Multi-Factor Authentication -Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j Aura account by requiring a verification code in addition to your password. +Multi-Factor Authentication (MFA) adds an extra layer of security to a Neo4j Aura account log-in by requiring a verification code in addition to username and password. The verification code is generated using any authenticator app, such as Google Authenticator. There are two scenarios for MFA: -* Individual users can enable MFA for their own accounts. +* Individual users can enable MFA for their own accounts via account settings. * Organization administrators can enable MFA for an entire organization, then it's mandatory for all members to go through the MFA setup. [IMPORTANT] ==== -To enable MFA, you must log in using email and password, not using any SSO or Google Sign-In. +Setting up MFA requires logging in using email and password, not using SSO or Google Sign-In. ==== - == Enable MFA as a user via account settings -. Log in to the Aura Console using your email/password. -. Select your avatar to access *Account > Settings > Preferences > Security*. +. Log in to the Aura Console using email/password. +. Select *Account > Settings > Preferences > Security*. . Enable *Multi-Factor Authentication (MFA)*. -This automatically logs you out. -. Log back in with your email and password. -. Enter the one-time password sent to your email account. -. Scan the QR code in the setup modal. -. Enter the verification code from the authenticator app. -. Save your recovery code somewhere secure. +. Follow the MFA set up steps. == Enable MFA for an organization -`Organization Owners` or `Organization Admins` can require all members of an organization to set up MFA from organization level security settings. +`Organization Owners` or `Organization Admins` can require all members of an organization to set up MFA from organization security settings. Then each organization member will be prompted to complete the setup, with an authenticator app of their choice. -To require MFA setup for an organization: +To require MFA organization wide: . Go to *Organization Settings > Security & Networking > App MFA (Multi-Factor Authentication)*. . Enable *Multi-Factor Authentication (MFA)*. @@ -42,9 +36,13 @@ After MFA is enabled at the organization level, all members will see the followi "_Your organization has required Multi Factor Authentication (MFA). Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._" -. Once you click *Enable*, you are logged out automatically. -. Log back in using your email and password, -. Enter the one-time password sent to your email account. -. Use your authenticator app to scan the QR code in the setup modal. +Selecting *Enable*, logs the user out automatically, and then it's required to continue with MFA setup steps. + +== MFA set up steps + +. Log in using email and password. +. Enter the one-time code sent to your email account. +. Use an authenticator app to scan the QR code in the setup modal. . Enter the verification code from the authenticator app. -. Save your recovery code somewhere secure. +. After entering the verification code successfully, a recovery code is provided. +. Save the recovery code somewhere secure. From c4387d93e10d49e913a498a8b3acb0b8e32965f7 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Tue, 1 Jul 2025 14:37:18 +0100 Subject: [PATCH 12/18] update --- modules/ROOT/pages/security/mfa.adoc | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index cfe5221eb..51031dab1 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -1,6 +1,6 @@ = Multi-Factor Authentication -Multi-Factor Authentication (MFA) adds an extra layer of security to a Neo4j Aura account log-in by requiring a verification code in addition to username and password. +Multi-Factor Authentication (MFA) adds an extra layer of security to an Aura account log-in by requiring a verification code in addition to username and password. The verification code is generated using any authenticator app, such as Google Authenticator. There are two scenarios for MFA: @@ -44,5 +44,3 @@ Selecting *Enable*, logs the user out automatically, and then it's required to c . Enter the one-time code sent to your email account. . Use an authenticator app to scan the QR code in the setup modal. . Enter the verification code from the authenticator app. -. After entering the verification code successfully, a recovery code is provided. -. Save the recovery code somewhere secure. From faf9c659bfeca78fec1fbfbc2c8bf57d1b61e2fc Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Tue, 1 Jul 2025 15:12:52 +0100 Subject: [PATCH 13/18] Update modules/ROOT/pages/security/mfa.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/mfa.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index 51031dab1..dadb7767c 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -36,7 +36,8 @@ After MFA is enabled at the organization level, all members will see the followi "_Your organization has required Multi Factor Authentication (MFA). Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._" -Selecting *Enable*, logs the user out automatically, and then it's required to continue with MFA setup steps. +Selecting *Enable*, logs the user out automatically, and then they are required to continue with MFA setup steps. +These are the same as for an individual user setting up MFA for their own account, as described above. == MFA set up steps From 8af48444495c3497d35ca7ff0aea81bf097da5a6 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Tue, 1 Jul 2025 15:13:20 +0100 Subject: [PATCH 14/18] Update modules/ROOT/pages/security/mfa.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/mfa.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index dadb7767c..b9ce0dbcd 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -16,7 +16,7 @@ Setting up MFA requires logging in using email and password, not using SSO or Go == Enable MFA as a user via account settings . Log in to the Aura Console using email/password. -. Select *Account > Settings > Preferences > Security*. +. Go to *Account > Settings > Preferences > Security*. . Enable *Multi-Factor Authentication (MFA)*. . Follow the MFA set up steps. From 4b886308b5d071efaf035c85c92159ac90c3a8bd Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Tue, 1 Jul 2025 15:13:51 +0100 Subject: [PATCH 15/18] Update modules/ROOT/pages/security/mfa.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/mfa.adoc | 6 ------ 1 file changed, 6 deletions(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index b9ce0dbcd..fa6a7d517 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -39,9 +39,3 @@ Clicking enable MFA below will log you out and you will then need to login using Selecting *Enable*, logs the user out automatically, and then they are required to continue with MFA setup steps. These are the same as for an individual user setting up MFA for their own account, as described above. -== MFA set up steps - -. Log in using email and password. -. Enter the one-time code sent to your email account. -. Use an authenticator app to scan the QR code in the setup modal. -. Enter the verification code from the authenticator app. From 790120f2f0c609d6a288a6dc8c48dbccefc58069 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Tue, 1 Jul 2025 15:19:52 +0100 Subject: [PATCH 16/18] Update modules/ROOT/pages/security/mfa.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/mfa.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index fa6a7d517..559be30a7 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -13,7 +13,7 @@ There are two scenarios for MFA: Setting up MFA requires logging in using email and password, not using SSO or Google Sign-In. ==== -== Enable MFA as a user via account settings +== Enable individual MFA . Log in to the Aura Console using email/password. . Go to *Account > Settings > Preferences > Security*. From 361964e17366dec85a87b852f7a65dd5ff0fa57d Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Tue, 1 Jul 2025 15:19:58 +0100 Subject: [PATCH 17/18] Update modules/ROOT/pages/security/mfa.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/mfa.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index 559be30a7..53661143a 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -25,7 +25,7 @@ Setting up MFA requires logging in using email and password, not using SSO or Go `Organization Owners` or `Organization Admins` can require all members of an organization to set up MFA from organization security settings. Then each organization member will be prompted to complete the setup, with an authenticator app of their choice. -To require MFA organization wide: +To set up organization-wide MFA: . Go to *Organization Settings > Security & Networking > App MFA (Multi-Factor Authentication)*. . Enable *Multi-Factor Authentication (MFA)*. From 2ea071f8feef165dcc578619b27454b5658caf20 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Tue, 1 Jul 2025 15:28:55 +0100 Subject: [PATCH 18/18] Update mfa.adoc --- modules/ROOT/pages/security/mfa.adoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/ROOT/pages/security/mfa.adoc b/modules/ROOT/pages/security/mfa.adoc index 53661143a..3974366f2 100644 --- a/modules/ROOT/pages/security/mfa.adoc +++ b/modules/ROOT/pages/security/mfa.adoc @@ -37,5 +37,3 @@ After MFA is enabled at the organization level, all members will see the followi Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._" Selecting *Enable*, logs the user out automatically, and then they are required to continue with MFA setup steps. -These are the same as for an individual user setting up MFA for their own account, as described above. -