Mandatory workspace two-factor authentication

For an added layer of security, you can make two-factor authentication (2FA) mandatory for all members when they sign in to Slack.

With 2FA turned on, members will need to enter a verification code along with their normal password. It’s easy to set up and all they’ll need is access to their mobile phone when they sign in.

Note: Mandatory 2FA is not available when members are required to use single sign-on to access Slack workspaces.


Turn on mandatory 2FA

Slack for Teams

Slack Enterprise Grid

  1. Click your workspace name in the top left to open the menu.
  2. Select Settings.
  3. Click Authentication.
  4. Click expand next to Two-Factor Authentication.
  5. Click Activate two-factor authentication, then enter your password.
  6. Add a message that members will see to let them know that 2FA is mandatory.
  7. Click Activate two-factor authenticationMembers will get both an email and a Slackbot message prompting them to set up 2FA.
  1. Sign in to your Slack Enterprise Grid, then click Manage Organization.
  2. Visit the  Security page of the Admin Dashboard.
  3. Click Turn on Mandatory 2FA.
  4. Add a message that members will see to let them know that 2FA is mandatory for the whole organization.
  5. Click Turn on Mandatory 2FA. Members will get both an email and a Slackbot message prompting them to set up 2FA.


Manage mandatory 2FA

Slack for Teams

Slack Enterprise Grid

See who has 2FA turned on

Workspace Owners and Workspace Admins can see which members have set up 2FA.

  1. Click your workspace name in the top left to open the menu.
  2. Select Manage members.
  3. On the Members page, sort by accounts with Two-Factor Authentication Enabled.


Use 2FA with Slack's single sign-on

2FA can be used with workspaces that are also using SAML-based single-sign on (SSO), but you’ll need to set 2FA up with your identity provider. If you’re using Google authentication to sign in to Slack, you can set up two-step verification with Google.

Here’s how Slack with SSO and mandatory 2FA work together:

  • Workspace Owners must set up 2FA for themselves to keep their backup password secure.
  • Guests must set up 2FA if they are not required to use SSO.
  • On workspaces where SSO is optional, members can use SSO or their email and password to sign in to Slack. For this reason, these members will also be notified when workspace-wide 2FA is turned on.


When a member is locked out

Workspace Owners/Admins can turn off 2FA for members from the Members page. Click the blue arrow next to the member’s role on the right, then click Disable 2FA.

Note: Only the Workspace Primary Owner can turn off 2FA for Workspace Owners. Likewise, only Workspace Owners can turn off 2FA for Workspace Admins.

See who has 2FA turned on

Workspace Owners and Workspace Admins can see which members have set up 2FA.

  1. Click your workspace name in the top left to open the menu.
  2. Select Manage members.
  3. On the Members page, sort by accounts with Two-Factor Authentication Enabled.

Note: This information isn’t viewable from the organization’s Enterprise Grid Admin Dashboard at this time.


Use 2FA with Slack's single sign-on

2FA can be used with workspaces that are also using SAML-based single-sign on (SSO), but you’ll need to set 2FA up with your identity provider. If you’re using Google authentication to sign in to Slack, you can set up two-step verification with Google.

Here’s how Slack with SSO and mandatory 2FA work together:

  • Workspace Owners must set up 2FA for themselves to keep their backup password secure.
  • Guests must set up 2FA if they are not required to use SSO.
  • On workspaces where SSO is optional, members can use SSO or their email and password to sign in to Slack. For this reason, these members will also be notified when workspace-wide 2FA is turned on.


When a member is locked out

Org Owners/Admins can turn off 2FA for members at the org level.

  1. Sign in to your Slack Enterprise Grid, then click Manage organization.
  2. Visit the  Organization page of the Admin Dashboard.
  3. Click Members.
  4. Search for a member, then click their name to view their profile.
  5. Click the  gear icon, then select Disable 2FA.

Workspace Owners/Admins can also turn off 2FA for members from the Members page. Click the blue arrow next to the member’s role on the right, then click Disable 2FA.

Note: Only the Workspace Primary Owner can turn off 2FA for Workspace Owners. Likewise, only Workspace Owners can turn off 2FA for Workspace Admins.

Who can use this feature?
  • Workspace Owners/Admins and Org Owners/Admins can turn on this feature.
  • Available on the Standard and Plus plans and Slack Enterprise Grid.

Related Articles

Recently Viewed Articles