Require two-factor authentication for your team
For an added layer of security, you can make two-factor authentication (2FA) mandatory for all members of your Slack team.
With 2FA turned on, Slack will ask you to enter a verification code along with your normal password. It’s quick and easy to set up, and all you need is access to your mobile phone when you sign in.
Note: Required team-wide 2FA is not available to teams that already require all members to use single sign-on to access Slack.
How it works
- Everyone is notified.
When team-wide 2FA is turned on, we’ll send all members of your team an email and a Slackbot message to let them know.
- Team members set up 2FA.
Your team will have a 24-hour period to set up 2FA. After 24 hours, any team member who has not yet set up 2FA will be signed out as a precaution. (Don’t worry: They’ll just need to set up 2FA to get signed in again.) Team members who are already using 2FA won’t have to lift a finger!
- Your team is protected.
Whenever someone new joins your team, Slack will ask them to set up 2FA before they can sign in.
Note: Individual team members are able to set up 2FA for themselves, regardless of their team's plan.
Set up team-wide two-factor authentication
- Click your team name to open the Team Menu.
- Select Team settings.
- On the Settings page, click Authentication.
- Click expand to open Team-Wide Two-Factor Authentication.
- Click Activate two-factor authentication for my team.
- Enter your password to confirm.
- On the next page, you have the option to include a custom message for your team when they’re notified that 2FA has been made mandatory.
- Click Activate team-wide two-factor authentication for my team to finish.
Slack will send all members of your team an email and a Slackbot message to let them know they should set up 2FA.
Manage your team's two-factor authentication
See who has turned on 2FA
Owners and Admins can see which members of your team have set up 2FA at any time. Visit the Team Members page and sort by accounts with 2FA turned on.
Use 2FA with Google authentication or other SSO to sign in to Slack
If you’d like to use 2FA with your SSO account, you’ll need to set it up with your identity provider. If your team is using Google authentication to sign in to your Slack team, you can easily set up two-step verification with Google.
If you set up both SSO and team-wide 2FA:
- Team Owners will need to set up 2FA for themselves to keep their backup password secure.
- Multi-Channel and Single-Channel Guests would need to set up 2FA if you do not require them to use SSO.
- On teams with SSO set as optional, team members using SSO can also continue to use their Slack account to access their team. For this reason, they will also be notified when team-wide 2FA is turned on.
When a team member is locked out
Team Admins and Owners can turn off 2FA for team members. On the Team Members page, click on the blue arrow next to the team member's role on the right, then click Disable 2FA.
Note: Only the Primary Owner can turn off 2FA for other Team Owners. Likewise, only Owners can turn off 2FA for Admins.
- Team Owners and Admins can turn on this feature for all members.
- Available to teams on the Standard and Plus plans.