2017-03-21 22:24:29 +01:00
|
|
|
---
|
2017-04-03 19:53:38 +02:00
|
|
|
layout: "enterprise"
|
2017-04-07 06:00:35 +02:00
|
|
|
page_title: "Authentication Policy - Organizations - Terraform Enterprise"
|
2017-03-21 22:24:29 +01:00
|
|
|
sidebar_current: "docs-enterprise-organizations-policy"
|
|
|
|
|
description: |-
|
|
|
|
|
Owners can set organization-wide authentication policy in Terraform Enterprise.
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Set an Organization Authentication Policy
|
|
|
|
|
|
2017-04-07 06:00:35 +02:00
|
|
|
Because organization membership affords members access to potentially sensitive
|
|
|
|
|
resources, owners can set organization-wide authentication policy in Terraform
|
|
|
|
|
Enterprise.
|
2017-03-21 22:24:29 +01:00
|
|
|
|
|
|
|
|
## Requiring Two-Factor Authentication
|
|
|
|
|
|
2017-04-07 06:00:35 +02:00
|
|
|
Organization owners can require that all organization team members use
|
|
|
|
|
[two-factor authentication](/docs/enterprise/user-accounts/authentication.html).
|
|
|
|
|
Those that lack two-factor authentication will be locked out of the web
|
|
|
|
|
interface until they enable it or leave the organization.
|
2017-03-21 22:24:29 +01:00
|
|
|
|
2017-04-07 06:00:35 +02:00
|
|
|
Visit your organization's configuration page to enable this feature. All
|
|
|
|
|
organization owners must have two-factor authentication enabled to require the
|
|
|
|
|
practice organization-wide. Note: locked-out users are still be able to interact
|
|
|
|
|
with Terraform Enterprise using their `ATLAS_TOKEN`.
|
2017-03-21 22:24:29 +01:00
|
|
|
|
|
|
|
|
## Disabling Two-Factor Authentication Requirement
|
|
|
|
|
|
2017-04-07 06:00:35 +02:00
|
|
|
Organization owners can disable the two-factor authentication requirement from
|
|
|
|
|
their organization's configuration page. Locked-out team members (those who have
|
|
|
|
|
not enabled two-factor authentication) will have their memberships reinstated.
|
