> For the complete documentation index, see [llms.txt](https://learn.netmaker.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://learn.netmaker.io/features/multi-factor-authentication.md).

# Multi-Factor Authentication

MFA adds a second verification step to secure your account

### Overview

Starting with **Netmaker v1.0.0**, **Multi-Factor Authentication (MFA)** is available to enhance account security. MFA adds a secondary verification step, helping prevent unauthorized access even if user credentials are exposed.

MFA is supported in both **Community Edition (CE)** and **Pro**, can be enforced globally by administrators, and is currently available **only for on-premises deployments**.

### How MFA Works

When MFA is enabled, users must provide:

* Their username and password (first factor).
* A time-based one-time password (TOTP) code from an authenticator app.

After entering your credentials, you will be prompted for a 6-digit verification code from your authenticator app before gaining access.

### Compatible Authenticators

Netmaker’s MFA uses the **TOTP standard**, meaning you can use **any TOTP-compatible authenticator app**, such as Google Authenticator, Authy, Microsoft Authenticator, or similar. If it supports TOTP, it will work with Netmaker.

### Enabling MFA for Your Account

You can enable Multi-Factor Authentication (MFA) to add a second layer of security to your Netmaker account.

{% stepper %}
{% step %}

### Open Account settings

In the Netmaker web UI, click on your profile icon in the lower-left corner and select **Account** from the menu.

![](/files/e7KcYG0M0XinQWVndTxS)
{% endstep %}

{% step %}

### Start setup

Click **Enable MFA**, then in the modal click **Start setup** and enter your password to continue.

![](/files/Ihksgb3brqBDVQYb0v7l)
{% endstep %}

{% step %}

### Scan the QR code

A QR code will be displayed — scan this code using your preferred TOTP-compatible authenticator app.

![](/files/pOs0xaRr6fcCcLPfaZ4W)
{% endstep %}

{% step %}

### Verify

Enter the 6-digit code from your authenticator app to verify, then click Done.
{% endstep %}
{% endstepper %}

### Global Enforcement

Administrators can require MFA for all users through global policy settings in the admin interface. Once enforced, users will be prompted to set up MFA at their next login.

To enable MFA enforcement, go to **Settings** > **Security & Authentication**, then switch on the **Enforce Multi-factor Authentication** toggle.

![](/files/4b1CNG6pXyG3OTlwo2S5)

### Logging in with MFA

After MFA is set up, the login process requires:

* Username & password
* TOTP verification code

If either factor is incorrect, access is denied.

### Resetting MFA

{% stepper %}
{% step %}

### Open Account settings

Log in with your MFA credentials. Click on your profile icon in the lower-left corner and select **Account** from the menu.
{% endstep %}

{% step %}

### Reset MFA

Click **Reset MFA**.
{% endstep %}

{% step %}

### Confirm

Confirm your password to complete the change.
{% endstep %}
{% endstepper %}

### Recovering Access

If you lose access to your authenticator app, you will need to contact your Netmaker **super administrator** for assistance. The super administrator can disable MFA for your account, allowing you to log in again and reconfigure MFA as needed. This prevents permanent lockouts and ensures you can securely restore access to your account.

### FAQs

<details>

<summary>Can MFA be enforced organization-wide?</summary>

Yes — administrators can enforce MFA globally for all users.

</details>

<details>

<summary>Is SMS-based MFA supported?</summary>

No — only TOTP-based MFA is supported in this version for enhanced security.

</details>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://learn.netmaker.io/features/multi-factor-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.