Merged

MFA #740
Changes from 7 commits
2 changes: 2 additions & 0 deletions modules/ROOT/content-nav.adoc
Expand Up @@ -121,11 +121,13 @@ Generic Start
** xref:logging/log-downloads.adoc[Download logs]

* Security
** xref:security/mfa.adoc[Multi-Factor Authentication]
** xref:security/single-sign-on.adoc[Single sign-on]
** xref:security/secure-connections.adoc[Secure connections]
** xref:security/encryption.adoc[Encryption]
** xref:security/tool-auth.adoc[Tool authentication with Aura user]


* xref:user-management.adoc[User management]

* xref:billing.adoc[Billing]
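Review bot: the hunk leaves two consecutive blank lines between the last Security entry (`** xref:security/tool-auth.adoc[Tool authentication with Aura user]`) and `* xref:user-management.adoc[User management]`, while the rest of this nav file, e.g. before `* xref:billing.adoc[Billing]`, separates top-level entries with a single blank line; drop one of the two added blank lines so the new `** xref:security/mfa.adoc[Multi-Factor Authentication]` entry does not change the file's spacing convention.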
47 changes: 47 additions & 0 deletions modules/ROOT/pages/security/mfa.adoc
@@ -0,0 +1,47 @@
= Multi-Factor Authentication

Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j Aura account by requiring a verification code in addition to your password.
To generate the verification code use an authenticator app, such as Google Authenticator.

There's two scenarios for MFA:

* Scenario 1: Individual users can enable MFA for their own accounts.
* Scenario 2: Organization administrators can enable MFA for an entire organization, then it's mandatory for all members to go through the MFA setup.

== Scenario 1. Enable MFA as a user via account settings

[IMPORTANT]
====
To enable MFA, you must log in using email and password, not Google login or SSO.
====

. Log in to the Aura Console using your email/password.
. Go to *Account > Settings > Preferences > Security*.
. In the *Multi-Factor Authentication (MFA)* section select *Enable*.
. You will be logged out automatically.
. Log back in with your email and password.
. A setup modal appears with a QR code.
. Scan the QR code.
. Enter the verification code from the authenticator app.
. Save your recovery code somewhere secure.
Collaborator

When do they get the recovery code? We don't mention that anywhere?

Collaborator Author

. Scan the QR code in the setup modal.
. Enter the verification code from the authenticator app.

Collaborator

I can't remember, but is the recovery code provided when you scan the QR code? Or do you mean to drop the last step?


== Scenario 2. Enable MFA for an organization

* `Organization Owners` or `Organization Admins` can enable MFA that applies to all members of the organization.
* Members must log in using email and password. MFA setup is not supported for accounts authenticated through SSO or Google OAuth.

=== To require MFA for all organization members:

. Go to *Account > Settings > Preferences > Security*.
. In the *Multi-Factor Authentication (MFA)* section select *Enable*.

==== Member steps to complete MFA setup:

. Organization members will see the message, "_Your organization has required Multi Factor Authentication (MFA). Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._"
. They click *Enable*.
. Are logged out automatically.
. Log back in using their email and password.
. A setup modal appears with a QR code.
. Using their authenticator app, they scan the QR code.
. Enter the verification code from the authenticator app.
. Save the recovery code somewhere secure.
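Review bot: neither procedure states at which step the recovery code is displayed. Scenario 1 ends with `. Save your recovery code somewhere secure.` and the member steps end the same way, but no earlier step mentions a code being shown, which is the gap the comment thread above raises; add the step where the recovery code appears (or attach it to the verification-code step) before telling the user to save it. Smaller points in the same hunk: `There's two scenarios for MFA:` should read "There are two scenarios for MFA:"; the admonition says "Google login or SSO" while Scenario 2 says "SSO or Google OAuth", so use one term for the unsupported login methods in both places; the member steps switch from third person ("They click *Enable*.") to a subject-less fragment (`. Are logged out automatically.`), so either keep every step imperative as in Scenario 1 or keep the subject throughout; and the organization-wide steps give the same path (Account > Settings > Preferences > Security) as the personal account setting, so it is worth confirming that this is the organization-level control and, if it lives on a different page, naming that page.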