umair
Contributor

disable 2fa for sso login

We have enabled SSO for some users in our Portal. But now when they use SSO to log in, they have to do our SSO 2FA and then the 2FA from HubSpot.

Is there any way we can disable 2FA for users logging in using SSO?

AReagan
Participant

We also experience this due to having multiple outbound IP addresses from our network. HubSpot accounts that only allow SSO for authentication should be exempt from HubSpot's internal MFA. It provides a poor user experience and defeats all of the convenience of SSO.

PamCotton
Community Manager

@AReagan, I want to update that the way the system is currently set up, your account is automatically set up to require verified login (2FA or CTL) for all users, regardless of whether they sign in via SSO or are exempted users. This is an added security measure HubSpot has been implementing over the past few months to ensure our customers' data is as protected as possible.

You can choose whether to require HubSpot 2FA or just have confirm to log in (emailed code), but there currently is not a way to exempt your Okta users from the verified login and require 2FA for SSO-exempt users.

I hope this helps.

Pam


umair
Contributor

Hi Pam,

Thank you for the information.

Does that mean our users will not get a 2FA notification if they are logging in using SSO?

We have a few users that can't be added to SSO, but all the others will use SSO. In this case we want SSO users to not get a 2FA prompt, as we already have 2FA for our login. But the users signing in using HubSpot should be prompted with 2FA.

Best,

Umair

PamCotton
Community Manager

Hello @umair,

After checking in with our internal team, I would like to apologize for any confusion that occurred. A new security feature was released on November 3 to ensure our users’ accounts are as secure as possible; relying on our own platform’s security tools helps, since third-party providers (like Ping) can be vulnerable. This security feature added an additional layer of either 2FA or confirm to log in for users even if they were logging in via SSO. Based on feedback from the initial release, we've temporarily paused the rollout of this feature, but we plan to enforce it in the near future. It is not currently enforced on your account, so you can turn 2FA off at this point.

If you would like to get ahead of this rollout, you can encourage your team to make sure their 2FA is up-to-date with the correct phone number and/or authentication device. Once the feature is re-released, you will be able to control whether or not your users have to use 2FA (from your security settings). If you decide to leave it unchecked, your users will still be prompted with an email code for each new device that they log in from.

I hope this helps,

Pam
