Skip to content

Multi-Factor Authentication (MFA)»

Info

This feature is only available to Enterprise plan customers and when SSO is enabled. Please check out our pricing page for more information.

With the introduction of IdP independent Multi-Factor Authentication (MFA), we extend our security capabilities to provide a robust and flexible authentication system. MFA at Spacelift is designed to protect your account and sensitive resources by requiring a second form of verification, adding a critical layer of security against unauthorized access.

Warning

Before enabling MFA, consider setting up backup credentials so you can still access your account in the event of a lost security key or other unforeseen issues.

Setting up MFA for your account»

  1. In the Spacelift UI, hover over your name in the bottom-left corner.
  2. Click Personal settings, then navigate to Multi-factor authentication.
  3. Click Enable to activate MFA for your account.

Enable MFA

Adding security keys»

When MFA is enabled, you will need to register your security key:

  1. Enter a short, descriptive name for the key.
  2. Enter the security key ID.

Once added, the key will appear in your list of security keys with details like the key name, key ID, and creation date.

Deleting security keys»

You can remove a security key at any time. To delete, click the trash icon next to the key you wish to remove and confirm your action.

Viewing organization's security keys»

  1. In the Spacelift UI, hover over your name in the bottom-left corner.
  2. Click Organization settings, then navigate to Multi-factor authentication.
  3. View the security keys list. If needed, delete keys to maintain your organization's security integrity.

The security keys list on this page include keys configured by any user within the organization.

Organization security keys list

Enforce MFA»

Organization admins can enforce MFA across the organization to ensure all users comply with the security standards. Enforcing MFA means every active user must have at least one registered security key.

Warning

When you enforce MFA for the organization, existing sessions (except for yours) will be invalidated.

The next time users log in, they will be prompted to register their security keys for continued access. Ensure your users have FIDO2-compliant devices to avoid being locked out of Spacelift.

  1. In the Spacelift UI, hover over your name in the bottom-left corner.
  2. Click Organization settings, then navigate to Multi-factor authentication.
  3. Enable the Enforce multi-factor authentication slider.

After enforcing MFA»

Once MFA is enforced for your organization, all users must maintain at least one security key. The option to disable MFA (or delete all security keys) is disabled in Personal settings for them.

However, admin users always have the right to delete a user's key in Organization settings.