Acquisition complete HashiCorp officially joins the IBM family. Learn more
Terraform
Terraform Home

Configure two-factor authentication

User accounts can be additionally protected with two-factor authentication (2FA), and an organization owner can make this a requirement for all users.

Setting up Two-factor Authentication

To reach your user security settings page:

  1. Sign in to HCP Terraform or Terraform Enterprise.
  2. Click the user icon in the upper right corner of the screen.
  3. Choose Account Settings from the menu.

Once on this page you can set-up authentication with either a TOTP-compliant application and/or an SMS-enabled phone number. Choose your preferred authentication method and enter a phone number (optional if using an application), then follow the instructions to finish the configuration. If you are using an application, you must scan a QR code to enable it; for either method, you must enter valid authentication codes to verify a successful set-up.

After you finish, the two-factor authentication settings will change to show your currently configured authentication method. You can click the "Reveal codes" link to view backup codes, or use the "Disable 2FA" button to disable two-factor authentication.

Logging in with Two-factor Authentication

After two-factor authentication has been successfully set-up you will need to enter the code from your TOTP-compliant application or from an SMS sent to your approved SMS-enabled phone number on login.

If necessary you can also use a backup code by clicking "Use a recovery code". Please remember that each backup code can only be used to log in once.

Requiring Two-factor Authentication for All Users

If you are an organization owner you can require all users within your organization to use two-factor authentication.

Click Settings in your organization to reach your organization'a settings page, then click Authentication.

Click the button "Require two-factor". Please remember that all organization owners must have two-factor authentication on before this can be set.

Requiring Two-factor Authentication for Users with HashiCorp Cloud Platform

When you require two-factor authentication for all users and have users who sign in with their HashiCorp Cloud Platform account, the required configuration for each organization member depends on their linked HashiCorp Cloud identity: