Mandatory workspace two-factor authentication
For an added layer of security, you can require your members and guests to use two-factor authentication (2FA) when they sign in to Slack.
How 2FA works
- Members will get a verification code sent to their mobile device. To sign in, they'll enter their verification code along with their Slack password.
- By default, people can choose between SMS text message and authentication app 2FA methods. On paid plans, owners and admins can restrict this to prevent members from using SMS for 2FA.
- Owners and admins on paid plans are required to use 2FA when signing in to Slack even if they haven’t enabled mandatory 2FA. For workspaces or orgs with single sign-on (SSO) enabled, only owners and admins who can bypass SSO to sign in with their email address and password are required to use 2FA.
Note: If you're using SSO, 2FA should be set up through your identity provider.
Turn on mandatory 2FA
Free, Pro, and Business+ plans
- From your desktop, click your workspace name in the sidebar.
- Select Tools & settings from the menu, then click Workspace settings.
- Below Administration in the left sidebar, click Security settings.
- Next to Two-factor authentication for email sign-in, click Edit.
- Check the box next to Require members to have 2FA set up. If you’d like, select Authenticator apps only to prevent people from using SMS for 2FA.
- Click Save. Members will get an email and a direct message (DM) from Slackbot to help them get set up.
People who don't set up 2FA within 24 hours will be signed out of Slack and prompted to set up 2FA before they can sign in again. New members will be required to set up 2FA before creating an account and signing in to Slack.
Enterprise plans
- From your desktop, click your organization name in the sidebar.
- Hover over Tools & settings, then click Organization settings.
- From the sidebar, click Security, then click Security settings.
- Next to Two-factor authentication for email sign-in, click Edit.
- Check the box next to Require members to have 2FA set up. If you'd like, select Authenticator apps only to prevent people from using SMS for 2FA.
- Click Save. Members will get an email and a direct message (DM) from Slackbot to help them get set up.
People who don't set up 2FA within 24 hours will be signed out of Slack and prompted to set up 2FA before they can sign in again. New members will be required to set up 2FA before signing in to Slack.
See who has 2FA set up
Free, Pro, and Business+ plans
Workspace Owners and Admins can see which members have 2FA set up:
- From your desktop, click your workspace name in the sidebar.
- Select Tools & settings from the menu, then click Manage members.
- Select Filters in the top right.
- Below Authentication, check the box next to Two-factor (2FA).
Enterprise plans
Workspace Owners and Admins of workspaces in an Enterprise org can see which of their members have 2FA set up:
- From your desktop, click your workspace name in the sidebar.
- Select Tools & settings from the menu, then click Manage members.
- Select Filters in the top right.
- Below Authentication, check the box next to Two-factor (2FA).
Note: You can only see who has 2FA enabled at the workspace level at this time.
Restore access for locked-out members
Free, Pro, and Business+ plans
If a member gets locked out, Workspace Owners and Admins can temporarily turn off 2FA for that person. On their next sign-in attempt, they'll be prompted to set up 2FA again. Here's how to turn off 2FA for a member:
- From your desktop, click your workspace name in the sidebar.
- Select Tools & settings from the menu, then click Manage members.
- Click the three dots icon to the right of the member's name.
- Choose Disable 2FA.
Enterprise plans
- From your desktop, click your organization name in the sidebar.
- Select Tools & settings from the menu, then click Manage members.
- Click the three dots icon to the right of the member's name.
- Choose Disable 2FA.
Note: Only the Workspace Primary Owner can turn off 2FA for Workspace Owners. Only Workspace Owners can turn off 2FA for Workspace Admins.
Use 2FA with single sign-on
Pro and Business+ plans
What to expect
- Workspace Owners must set up 2FA for themselves to keep their backup password secure.
- Guests must set up 2FA if they are not required to use SSO.
- On workspaces where SSO is optional, members can use SSO or their email address and password to sign in to Slack. These members will also be notified when workspace-wide 2FA is turned on.
- 2FA in Slack will be turned off when a member connects, or binds, their SSO account.
Enterprise plans
What to expect
- Org Owners must set up 2FA for themselves to keep their backup password secure.
- Members and guests must set up 2FA if they are not required to use SSO.
- Workspace Owners/Admins and Org Owners/Admins
- Available on all plans