Skip to content

MFA #740

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 20 commits into from
Jul 1, 2025
Merged

MFA #740

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
fc4c86f
MFA
fiquick Jun 30, 2025
249b224
edit
fiquick Jun 30, 2025
a15b89a
update
fiquick Jun 30, 2025
f858f78
update
fiquick Jun 30, 2025
5c42a35
Merge branch 'console' into MFA
fiquick Jun 30, 2025
77a73ec
Update mfa.adoc
fiquick Jun 30, 2025
c4fdf5f
Update mfa.adoc
fiquick Jun 30, 2025
c9cc838
Apply suggestions from code review
fiquick Jun 30, 2025
96850f3
update
fiquick Jul 1, 2025
91d247f
update
fiquick Jul 1, 2025
e02d774
great
fiquick Jul 1, 2025
e6c4c0a
update
fiquick Jul 1, 2025
c4387d9
update
fiquick Jul 1, 2025
faf9c65
Update modules/ROOT/pages/security/mfa.adoc
fiquick Jul 1, 2025
8af4844
Update modules/ROOT/pages/security/mfa.adoc
fiquick Jul 1, 2025
4b88630
Update modules/ROOT/pages/security/mfa.adoc
fiquick Jul 1, 2025
ccd988d
Merge branch 'console' into MFA
fiquick Jul 1, 2025
790120f
Update modules/ROOT/pages/security/mfa.adoc
fiquick Jul 1, 2025
361964e
Update modules/ROOT/pages/security/mfa.adoc
fiquick Jul 1, 2025
2ea071f
Update mfa.adoc
fiquick Jul 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions modules/ROOT/content-nav.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,11 +121,13 @@ Generic Start
** xref:logging/log-downloads.adoc[Download logs]

* Security
** xref:security/mfa.adoc[Multi-factor authentication]
** xref:security/single-sign-on.adoc[Single sign-on]
** xref:security/secure-connections.adoc[Secure connections]
** xref:security/encryption.adoc[Encryption]
** xref:security/tool-auth.adoc[Tool authentication with Aura user]


* xref:user-management.adoc[User management]

* xref:billing.adoc[Billing]
Expand Down
50 changes: 50 additions & 0 deletions modules/ROOT/pages/security/mfa.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
= Multi-Factor Authentication

Multi-Factor Authentication (MFA) adds an extra layer of security to your Neo4j Aura account by requiring a verification code in addition to your password.
The verification code is generated using any authenticator app, such as Google Authenticator.

There are two scenarios for MFA:

* Individual users can enable MFA for their own accounts.
* Organization administrators can enable MFA for an entire organization, then it's mandatory for all members to go through the MFA setup.

[IMPORTANT]
====
To enable MFA, you must log in using email and password, not using any SSO or Google Sign-In.
====


== Enable MFA as a user via account settings

. Log in to the Aura Console using your email/password.
. Select your avatar to access *Account > Settings > Preferences > Security*.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't really use avatar for this anywhere. To say "Account settings" is enough.

. Enable *Multi-Factor Authentication (MFA)*.
This automatically logs you out.
. Log back in with your email and password.
. Enter the one-time password sent to your email account.
. Scan the QR code in the setup modal.
. Enter the verification code from the authenticator app.
. Save your recovery code somewhere secure.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When do they get the recovery code? We don't mention that anywhere?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

. Scan the QR code in the setup modal.
. Enter the verification code from the authenticator app.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't remember, but is the recovery code provided when you scan the QR code? Or do you mean to drop the last step?


== Enable MFA for an organization

`Organization Owners` or `Organization Admins` can require all members of an organization to set up MFA from organization level security settings.
Then each organization member will be prompted to complete the setup, with an authenticator app of their choice.

To require MFA setup for an organization:

. Go to *Organization Settings > Security & Networking > App MFA (Multi-Factor Authentication)*.
. Enable *Multi-Factor Authentication (MFA)*.

After MFA is enabled at the organization level, all members will see the following message in the console:

[quote]
"_Your organization has required Multi Factor Authentication (MFA).
Clicking enable MFA below will log you out and you will then need to login using your email and password to configure MFA._"

. Once you click *Enable*, you are logged out automatically.
. Log back in using your email and password,
. Enter the one-time password sent to your email account.
. Use your authenticator app to scan the QR code in the setup modal.
. Enter the verification code from the authenticator app.
. Save your recovery code somewhere secure.