> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pangolin.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Multi-Factor Authentication

> Enable and manage two-factor authentication and enforcement for your organization

<div id="pangolin-toc-cta" className="pangolin-toc-cta-source">
  <Card title="Try free on Pangolin Cloud" icon="cloud" href="https://app.pangolin.net/auth/signup" arrow="true" cta="Sign up free">
    Fastest way to get started with Pangolin using the hosted control plane. No credit card required.
  </Card>
</div>

Pangolin supports two‑factor authentication (2FA) for Pangolin user accounts.

### Enable or Disable 2FA

* Click your profile menu (top right) to enable two‑factor authentication.
* You will need to confirm your password and code before enabling/disabling 2FA.

### Supported Methods

* **Time‑based one‑time code (TOTP)**: Use an authenticator app (e.g., 1Password, Google Authenticator).
* **Push via email**: Contact sales to enable.
* **Push via Duo**: Contact sales to enable.

### Enforcement

<Note>
  Two‑factor enforcement (requiring 2FA at login) is available in [Enterprise Edition](/self-host/enterprise-edition) only.
</Note>

To enable enforcement, go to Organization Settings and toggle 2FA enforcement in the Security section.

* Enforcement is configured per organization.
* MFA enforcement only applies to internal Pangolin user accounts. This policy does not apply to accounts linked to an external identity provider.
* When enforced, users must enable 2FA before accessing the organization or its resources.
* Users without 2FA will see a prompt directing them to enable it before proceeding.