Skip to content

Commit

Permalink
Update docs/Deploy/single-sign-on-sso.md
Browse files Browse the repository at this point in the history 
Co-authored-by: Marko Lisica <[email protected]>
  • Loading branch information
@noahtalerman @marko-lisica
noahtalerman and marko-lisica authored Dec 24, 2024
1 parent cb8ecac commit f163726
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/Deploy/single-sign-on-sso.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ Each IdP will have its own way of setting these SAML custom attributes, here are

## Email two-factor authentication (2FA)

If you have a "break glass" Fleet user account that's used to login to Fleet when your Identify Provider (IdP) goes down, you can enable email 2FA, also known as multi-factor authentication (MFA), for this user. For all other users, the best practice is to enable single-sign on (SSO). Then, you can enforce any 2FA method supported by your IdP (i.e. authenticator app, security key, etc.).
If you have a "break glass" Fleet user account that's used to login to Fleet when your identify provider (IdP) goes down, you can enable email 2FA, also known as multi-factor authentication (MFA), for this user. For all other users, the best practice is to enable single-sign on (SSO). Then, you can enforce any 2FA method supported by your IdP (i.e. authenticator app, security key, etc.).

Users with email 2FA enabled will get the this email when they login to Fleet:

Expand Down

0 comments on commit f163726

Please sign in to comment.