DocsAPI

Multi-Factor Authentication (MFA)

MFA adds a second verification step to secure your account

Overview

Netmaker v1.0.0 introduces Multi-Factor Authentication (MFA) to provide an extra layer of security for user accounts. By requiring a second form of verification, MFA significantly reduces the risk of unauthorized access, even if login credentials are compromised. MFA is supported in both Community Edition (CE) and Pro versions. Administrators can also enforce MFA globally across all users for consistent security.

How MFA Works

When MFA is enabled, users must provide:

  • Their username and password (first factor).

  • A time-based one-time password (TOTP) code from an authenticator app.

After entering your credentials, you will be prompted for a 6-digit verification code from your authenticator app before gaining access.

Compatible Authenticators

Netmaker’s MFA uses the TOTP standard, meaning you can use any TOTP-compatible authenticator app, such as Google Authenticator, Authy, Microsoft Authenticator, or similar. If it supports TOTP, it will work with Netmaker.

Enabling MFA for Your Account

You can enable Multi-Factor Authentication (MFA) to add a second layer of security to your Netmaker account.

Steps to enable MFA:

  1. In the Netmaker web UI, click on your profile icon in the lower-left corner.

  2. Select Account from the menu.

  3. Click Enable MFA.

  4. A modal will appear—click "Start setup" and enter your password to continue.

  5. A QR code will be displayed — scan this code using your preferred TOTP-compatible authenticator app.

  6. Enter the 6-digit code from your authenticator app to verify, then click Done.

Global Enforcement

Administrators can require MFA for all users through global policy settings in the admin interface. Once enforced, users will be prompted to set up MFA at their next login.

To enable MFA enforcement, go to Settings > Security & Authentication, then switch on the Enforce Multi-factor Authentication toggle.

Logging in with MFA

After MFA is set up, the login process requires:

  1. Username & password

  2. TOTP verification code

If either factor is incorrect, access is denied.

Reseting MFA

  1. Log in with your MFA credentials.

  2. Click on your profile icon in the lower-left corner.

  3. Select Account from the menu.

  4. Click Reset MFA.

  5. Confirm your password to complete the change.

Recovering Access

If you lose access to your authenticator app, you will need to contact your Netmaker super administrator for assistance. The super administrator can disable MFA for your account, allowing you to log in again and reconfigure MFA as needed. This prevents permanent lockouts and ensures you can securely restore access to your account.

FAQs

Q: Can MFA be enforced organization-wide?
A: Yes — administrators can enforce MFA globally for all users.

Q: Is SMS-based MFA supported?
A: No — only TOTP-based MFA is supported in this version for enhanced security.