Turning on enforced MFA for all users

For an added layer of security, you can make multi-factor authentication (MFA) mandatory for all users in your IT Glue account.

MFA, sometimes referred to as two-factor authentication or 2FA, is a two-step verification process that is focused on helping secure access to the user's account. It's easy to set up MFA. To log in, all the user will need is access to their mobile phone.


  • You must have Administrator or Manager-level access to turn on this setting.
  • You can review the list under Account > Users to check which users have already enabled MFA prior to making it a policy. If an MFA padlock icon is open, it means the user hasn't set up their MFA yet.
Note: Keep in mind that if you enforce MFA, then IT Glue Lite users must also enable it to log in.


  1. Click Account from the top navigation bar.
  2. Click Settings from the sidebar.

  3. Click the Authentication tab.
  4. Select the Require MFA for access to this account checkbox.

  5. Click Save.

Once you make this change, anyone who has MFA disabled will be prompted to set up MFA as soon as they try to log in. If you turn off enforced MFA later, this does not turn off MFA for users that have already set it up.

Common Questions

How do SSO and enforced MFA work together?

You can have both single-sign on (SSO) and enforced MFA turned on in your IT Glue account, plus set MFA up through your SSO provider. This gives you the highest security for an SSO enabled IT Glue account, by making sure that only users with MFA set up have the ability to log in.

What happens when someone is locked out?

An Administrator can reset the user's MFA from the Account > Users screen. Find the user's name and click the pencil_icon.png (pencil icon) on the far right. On the Edit User screen, click the Reset MFA link to immediately reset the user's MFA.

You can find other MFA troubleshooting help in our Troubleshooting MFA login article.

Was this article helpful?
11 out of 12 found this helpful
Have more questions? Contact us