Merged

MFA #740

2 changes: 2 additions & 0 deletions modules/ROOT/content-nav.adoc
Expand Up @@ -121,11 +121,13 @@ Generic Start
** xref:logging/log-downloads.adoc[Download logs]

* Security
** xref:security/mfa.adoc[Multi-Factor Authentication]
** xref:security/single-sign-on.adoc[Single sign-on]
** xref:security/secure-connections.adoc[Secure connections]
** xref:security/encryption.adoc[Encryption]
** xref:security/tool-auth.adoc[Tool authentication with Aura user]


* xref:user-management.adoc[User management]

* xref:billing.adoc[Billing]
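
Review bot: The new nav entry `xref:security/mfa.adoc[Multi-Factor Authentication]` uses title case, while its siblings in the Security list use sentence case (`Single sign-on`, `Secure connections`, `Tool authentication with Aura user`). Consider `Multi-factor authentication` for the link text, or confirm that the capitalised form is intended to match the page title and the label in the console. The file header counts two additions, and the second looks like the extra blank line after the `tool-auth.adoc` entry; it can be dropped so the spacing matches the single blank line used between the other top-level items.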
47 changes: 47 additions & 0 deletions modules/ROOT/pages/security/mfa.adoc
@@ -0,0 +1,47 @@
= Multi-Factor Authentication

Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j Aura account by requiring a verification code in addition to your password.
The verification code is generated using an authenticator app such as Google Authenticator.

There are two scenarios for MFA:

* Individual users can enable MFA for their own accounts.
* Organization administrators can enable MFA for an entire organization, then it's mandatory for all members to go through the MFA setup.

== Enable MFA as a user via account settings

[IMPORTANT]
====
To enable MFA, you must log in using email and password, not using any SSO.
====

. Log in to the Aura Console using your email/password.
. Go to *Account > Settings > Preferences > Security*.
. Enable *Multi-Factor Authentication (MFA)*.
This automatically logs you out.
. Log back in with your email and password.
. Scan the QR code in the setup modal.
. Enter the verification code from the authenticator app.
. Save your recovery code somewhere secure.
Collaborator

When do they get the recovery code? We don't mention that anywhere?

Collaborator Author

. Scan the QR code in the setup modal.
. Enter the verification code from the authenticator app.

Collaborator

I can't remember, but is the recovery code provided when you scan the QR code? Or do you mean to drop the last step?


== Enable MFA for an organization
Enabling MFA for all members of an organization consists of two parts:

* `Organization Owners` or `Organization Admins` can enable MFA that applies to all members of the organization.
* * Organization members complete the setup on their end with an authenticator app of their choice.

For organization owner or organization admin to enable MFA for their organization:
Collaborator

Suggested change
For organization owner or organization admin to enable MFA for their organization:
As an organization owner or organization admin to enable MFA for your organization:


. Go to *Account > Settings > Preferences > Security*.
. Enable *Multi-Factor Authentication (MFA)*.


Once MFA has been enabled on the organization level, as an *organization member*, you need to complete the setup on your end.
Next time they log in, they will see the message, "_Your organization has required Multi Factor Authentication (MFA).
Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._"

. Once you click *Enable*, you are logged out automatically.
. Log back in using your email and password, SSO is not supported for MFA setup.
. Use your authenticator app to scan the QR code in the setup modal.
. Enter the verification code from the authenticator app.
. Save the recovery code somewhere secure.
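
Review bot: The page does not say what organization-wide enforcement means for members who sign in through SSO: the introduction says setup is "mandatory for all members", while the IMPORTANT block and the member steps say MFA can only be configured after an email and password login ("SSO is not supported for MFA setup"). Please state whether SSO-only members are exempt, are prompted anyway, or need a password login first, so readers do not have to guess how enforcement and SSO interact. In the organization section, the second bullet starts with `* * Organization members`, a doubled list marker that should be a single `*`. The paragraph after the admin steps switches from "you need to complete the setup" to "Next time they log in, they will see", and should stay in the second person. The step "Log back in using your email and password, SSO is not supported for MFA setup." is a comma splice that reads better as two sentences.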