HubSpot Ideas

dmurphy

Two-factor authentication for HubSpot portal

I was surprised this wasn't already a feature of HubSpot, especially where our databases are filled with our lead's information. I would like HubSpot to add 2FA to their system. Something we can integrate with Google Authenticator would be ideal. It adds an extra layer of security that we would appreciate. 

60 Comentários
EdgarCerecerez
Participante

@dilloncompton thanks!

 

Super happy this rolled out. I am implementing hubspot across the organization (not just sales) and the roll out of this feature will make it easier to get buy-in. 

 

tonyhunter
Membro

Great news this has been rolled out.

 

Is it possible to mandate across the account so all users need to specify a second factor device?

GregMCLN
Membro

Absolutely delighted to see this finally rolled out. I'll submit feedback as I test!

dilloncompton
Equipe de Produto da HubSpot

@tonyhunter it is not currently possible to require your users to use two factor authentication. We have heard this feedback during the beta, and will likely support it in the future.

tonyhunter
Membro

@dilloncompton great, thanks for confirming quickly.

moodoir
Participante

We’d really like a SAML identity source so we can manage users centrally and make 2FA mandatory, plus use the more sophisticated features our SSO product gives us. Will this be happening do you think?

dilloncompton
Equipe de Produto da HubSpot

@moodoir There is a separate thread for SAML authentication on the ideas forum already (https://community.hubspot.com/t5/HubSpot-Ideas/SAML-authentication/idi-p/20389), and we look at it as a pretty distinct feature from 2FA. We have heard the feedback for SSO, but don't have specific plans/timelines we can share. 

moodoir
Participante

Hi there' OK thanbks for the feedback. 

dilloncompton
Equipe de Produto da HubSpot

@moodoir no problem! We do hope to provide SSO functionality in the future, just no concrete timelines yet!

moodoir
Participante

Hi Dillon, is this out of beta testing now? Thanks.

dilloncompton
Equipe de Produto da HubSpot

@moodoir yes, it's been released to all HubSpot users at this point. Even though it's no longer in beta, we practice iterative development so feedback is always helpful, and we're likely to make changes/improvements in the future. Feel free to shoot me a message or post here if you have any feedback!

Maurits
Membro

@dilloncompton when will we be able to enforce two factor on all new users? 

dilloncompton
Equipe de Produto da HubSpot

Hi @Maurits,

 

Please see: https://community.hubspot.com/t5/HubSpot-Ideas/Two-factor-authentication-for-HubSpot-portal/idc-p/18...

We have heard the feedback but there is not yet a timeline for this change.

neilw
Membro

While I realise I can't enforce 2FA on all users at the moment is it possible to check which users have enabled 2FA?

tb1
Membro

to second what neilw is saying - it would really nice to see who has it enabled.

 

It would also be nice for Super Admins to:

  • Be able to force a user to re-enroll (say if they lose their phone and don't have backup codes)
  • Disallow SMS and mandate an authenticator app as a method as the SMS method has been proven to have some vulnerablities. 

Lastly the use of Language which specifies Google Authenticator is confusing to less technical users. Other Authenticator Apps work (Microsoft, Salesforce, Duo). Referring to it as Authenticator App would be less confusing.

 

moodoir
Participante

Agree with TB1.

I forgot my phone the other day and it was a 48 hour turnaround time by HubSpot. I had to ask an external admin to register me on my personal email address to get back in. All a bit painful really. There has to be a better back up plan.

 

moodoir
Participante

Although having 2FA now available via SMS, our company uses Duo Access Gateway and unfortunately I've just heard this isn't on HubSpot's roadmap. Surely this isn't a big development?

Richards
Membro

Ref 2FA

Just to let the forum know we have got fed up waiting for Hubspot to deal with this and have cancelled and are implementing Salesforce who have proper 2FA which we will be operating through OKTA.

I suggest that all of you concerned about security and user managment urgently consider moving away from Hubspot. The cost of not doing so could far outweigh the cost of moving.

rad
Equipe de Produto da HubSpot
Equipe de Produto da HubSpot

Hey all! I wanted to update on this thread to solicit some feedback around a new 2FA development we're currently rolling out. It will allow admins on an account to assist their users with getting their 2FA removed, & not require contacting the HubSpot support team. Currently, this functionality is available only for users who are on one HubSpot account. If you'd like to try this new functionality, please shoot me a direct message including your hub ID, & I can get you set up.

davenish
Membro

Why does Hubspot not have this sorted, user provisioning also needs to be addressed