LOG IN SIGN UP
Documentation

Enabling and disabling two-factor authentication

Fastly supports two-factor authentication, a two-step verification system, for logging in to the application. In a two-factor authentication security process, users provide two means of identifying themselves to the system, typically by providing the system with something they know (for example, their login ID and password combination) and something they have (such as an authentication code). Organizations can enable company-wide two-factor authentication to require all users within the organization to use two-factor authentication.

the Account Security settings for multi-factor authentication

Before you begin

You'll need to enter an authentication code regularly. Once two-factor authentication has been enabled, an authentication code will be requested upon login at least every 14 days for each computer and browser you use to access the Fastly application.

A mobile device is required. Using this security feature with a Fastly account requires a mobile device capable of scanning a barcode or QR code using a downloadable authenticator application. We recommend the following:

There are special requirements for using this feature with the API. If you enable two-factor authentication via the user interface, you will no longer be able to use a username and password when using the API. You must use the organization's API key for authentication.

Managing two-factor authentication as a user

Depending on whether or not your organization has enabled company-wide two-factor authentication, you may be able to enable and disable two-factor authentication for your personal account. We also have instructions for recovering access to your account if you lose your mobile device.

Enabling two-factor authentication

To enable two-factor authentication for your user account, follow the steps below.

  1. Log in to the Fastly application.
  2. Click the account tab to access the account settings.

    the account tab

  3. Click Manage your security settings from the Account Security area on the left. The Account Security settings appear.

  4. Click Set Up Two-Factor Authentication. The password verification screen appears.

    the 2fa password verification screen

  5. In the Verify Your Password field type your Fastly password and then click Continue. The authentication QR code appears.

    the authentication QR code

  6. Launch the authenticator application installed on your mobile device and scan the displayed QR code or manually enter the key displayed in the setup window. A time-based authentication code appears on your mobile device. Depending on your device, however, a browser link may first appear. You need to click this link to save it. When you do, the words Secret saved appear briefly.

  7. In the Authentication Code field, type the time-based authentication code displayed on your mobile device.

  8. Click Enable Two-Factor Authentication. The confirmation screen appears along with your recovery codes.

    the confirmation screen with recovery codes

After you enable two-factor authentication, logging in to your Fastly account will require your email address and password, and then an authentication code generated by the authenticator application you've installed on your mobile device. By default, the system requires you to authenticate your login using an authentication code at least every two weeks for each computer and browser you use to access the Fastly application.

Disabling two-factor authentication

Once two-factor authentication is enabled for your account, you can disable it at any time by following the steps below.

  1. Log in to the Fastly application.
  2. Click the account tab to access the account settings.
  3. In the Account Security area of the settings sidebar, click Manage your security settings. The two-factor authentication controls appear.

    the 2fa authentication controls

  4. Click Disable Two-Factor Authentication. The verification screen appears.

  5. In the Authentication Code field, type the time-based authentication code displayed in the authenticator application on your mobile device, then click Disable.

What to do if you lose your mobile device

If you lose your mobile device after enabling two-factor authentication, use a recovery code to log in to your Fastly account. You can continue to use recovery codes to log in until you get your mobile device back. Recovery codes can only be used once, however, so remember to regenerate a new list of codes to avoid running out before you recover your mobile device.

If you do not believe you will be able to recover your lost mobile device and you still have at least two recovery codes left, you can log in with one recovery code and disable two-factor authentication with a second code. Once two-factor authentication is disabled, you can re-enable it with a new mobile device at a later time and regenerate a new set of codes.

If your organization has enabled company-wide two-factor authentication, you can contact a superuser for your organization and ask them to reset your two-factor authentication.

Locked out of your account? See our article on what you can do about it.

Managing two-factor authentication as a superuser

If you are assigned the superuser role for your organization, you can view who has two-factor authentication enabled on the account tab in the Users area of the Account settings. Users with this feature enabled have padlocks displayed next to their names.

the padlock next to a user with 2fa activated

To disable two-factor authentication for any user within your organization, select Disable 2FA from the menu that appears when you click the gear icon next to that user's name.

the disable 2fa selection in the edit user menu

Managing two-factor authentication as a company

Organizations can enable two-factor authentication for all of their users. When the company-wide two-factor authentication feature is enabled, all users within the organization are required to use two-factor authentication to log in to the Fastly application, and they cannot disable two-factor authentication for their accounts.

Enabling company-wide two-factor authentication

Users assigned the superuser role can enable this feature on the Account page. To enable company-wide two-factor authentication for all users within your organization, follow the steps below.

  1. Log in to the Fastly application.
  2. Click the account tab to access the account settings.
  3. In the Customer Options area, select Yes from the Company-wide Two-Factor Authentication menu.

    company-wide 2fa settings

  4. Click Update Customer Options. A warning message appears.

    company-wide 2fa enable warning

  5. Click Continue. You will be logged out of the Fastly application. This completes the setup process for company-wide two-factor authentication.

Users who have not already enabled two-factor authentication for their accounts will be prompted to do so the next time they log in to the Fastly application.

Resetting a user's two-factor authentication

If company-wide two-factor authentication is enabled, and a user within the organization gets locked out of their account or needs to enable a new device, a superuser can reset the user's two-factor authentication. To reset a user's two-factor authentication, follow the steps below.

  1. Log in to the Fastly application.
  2. Click the account tab to access the account settings.
  3. In the Users area, click the gear icon next to a user and then select Reset 2FA.

    reset 2fa settings

    A warning message appears.

    reset 2fa warning

  4. Click Reset.

The user will need to set up two-factor authentication for their account the next time they log in.

Disabling two-factor authentication for a single user's account

If company-wide two-factor authentication is enabled, a superuser can disable two-factor authentication for a single user's account. This is typically done for user accounts being used for scripts and session authentication. To disable two-factor authentication for a single user's account, follow the steps below.

  1. Log in to the Fastly application.
  2. Click the account tab to access the account settings.
  3. In the Users area, click the gear icon next to a user and then select Ignore 2FA.

    ignore 2fa settings

    A warning message appears.

    ignore 2fa warning

  4. Click Ignore.

The user account you selected will no longer be required to use two-factor authentication.

Disabling company-wide two-factor authentication

A superuser can disable company-wide two-factor authentication. Once this feature is disabled, existing users within the organization will be able to manage their own two-factor authentication settings, and new users will not be required to set up two-factor authentication to log in to the Fastly application. To disable company-wide two-factor authentication, follow the steps below:

  1. Log in to the Fastly application.
  2. Click the account tab to access the account settings.
  3. In the Customer Options area, select No from the Company-wide Two-Factor Authentication menu.

    company-wide 2fa settings

  4. Click Update Customer Options. A warning message appears.

    company-wide 2fa diable warning

  5. Click Continue.