»Introduction to Multi-Factor Authentication

HashiCorp Cloud Platform (HCP) allows organizations to sign in using several different sign-in methods, including email-based. Other sign-in methods include GitHub-based and Single Sign-On through Okta. To help secure your account and your company's data, HCP offers Multi-Factor Authentication (MFA) with the email-based sign-in method. This optional feature is also commonly known as two-factor authentication or 2FA.

With MFA, you will need a password (credential), and an authenticator application downloaded to your phone. HCP offers one method of MFA called One-Time Password (OTP). A One-Time Password is a sequence of numbers that are generated by an authenticator application. If you lose your device, you can use the recovery code provided during the setup process. Make sure to record the recovery code and save it to a secure location.

»Enabling MFA

To enable MFA within your HCP portal, navigate to the top right corner of the drop-down menu where your user profile photo is located and select Account Settings.

Account Settings

In Account settings, select the Security tab.

Security Tab

If you did not initially enroll in MFA when you created your HCP account, the Status would display Not enabled. Click Enable MFA to begin the MFA setup process. The setup process may take up to 10 minutes to complete.

After you clicked Enable MFA, the following screen appears.

Enable MFA

Click Continue. The MFA enablement setup process will take you out of the HCP portal and back to the sign-in screen widget. Please allow some time for the page to process and reload before it takes you back into the HCP portal. Once you are authenticated back into the portal, you will see the One-Time Password screen. You may use the Google Authenticator or a similar authenticator application to scan the QR code. Once the code is generated from your authenticator application, enter the 6-digit code to move on to the next step. In the event that you do not have a device on hand to scan the QR code, you can click the text code link, where it will automatically copy a string for you. Manually enter the string code into your authentication application and click Verify.

One-Time Password

Once you successfully verified the code, a recovery code is provided; record the recovery code and safely store in a secure location. A recovery code provides a method to authenticate back into the HCP portal if you do not have access to a device.

Recovery Code

Once you have secured your recovery code and finalized the MFA setup process, the Status will change to MFA enabled, confirming that you have successfully enabled MFA.

»Disabling MFA

Disabling MFA requires that you have your OTP or recovery code on hand. Alternatively, if you have an active HCP session and you enabled Remember this browser, you can also disable MFA. If you do not have either one of these methods in place, you will not be able to perform the manual steps described below to remove MFA, in which case, you must contact support to perform a hard reset to remove MFA.

To disable MFA, select the "Disable MFA" link under the MFA status. From the Multi-factor Authentication (MFA) section, click Disable MFA.

Disable MFA

You will be required to log back in using your email-based login credentials. From there, you will be promted to enter your 6-digit OTP code from your authentication app.

OTP

One you have entered your 6-digit OTP code, the Disable MFA page opens where you will need to manually enter the word DISABLE to confirm that you want to remove MFA from your account. Please allow some time for the page to process and reload before it takes you back into the HCP portal.

Disable MFA

»Troubleshooting

If you run into issues where you could not verify your 6-digit code, it's likely that the system is temporarily down.

QR Error Code

To mitigate this issue, try re-generating a new OTP. If you misplaced your device or unable to access your device, or need to sign in without one, use the recovery code that you securely saved to sign back into the HCP portal. Note that there may be a five-minute time-out period if you did not complete the setup process within the timeframe given to complete the MFA setup process.

If errors persist or you have lost your recovery code, please contact Support for further assistance.