Two-factor authentication for HubSpot portal

I was surprised this wasn't already a feature of HubSpot, especially where our databases are filled with our lead's information. I would like HubSpot to add 2FA to their system. Something we can integrate with Google Authenticator would be ideal. It adds an extra layer of security that we would appreciate. 

59 Kommentare
Berater

@dilloncompton thanks!

 

Super happy this rolled out. I am implementing hubspot across the organization (not just sales) and the roll out of this feature will make it easier to get buy-in. 

 

Mitwirkender

Great news this has been rolled out.

 

Is it possible to mandate across the account so all users need to specify a second factor device?

Mitwirkender

Absolutely delighted to see this finally rolled out. I'll submit feedback as I test!

HubSpot Produkt-Team
HubSpot Produkt-Team

@tonyhunter it is not currently possible to require your users to use two factor authentication. We have heard this feedback during the beta, and will likely support it in the future.

Mitwirkender

@dilloncompton great, thanks for confirming quickly.

Berater

We’d really like a SAML identity source so we can manage users centrally and make 2FA mandatory, plus use the more sophisticated features our SSO product gives us. Will this be happening do you think?

HubSpot Produkt-Team
HubSpot Produkt-Team

@moodoir There is a separate thread for SAML authentication on the ideas forum already (https://community.hubspot.com/t5/HubSpot-Ideas/SAML-authentication/idi-p/20389), and we look at it as a pretty distinct feature from 2FA. We have heard the feedback for SSO, but don't have specific plans/timelines we can share. 

Berater

Hi there' OK thanbks for the feedback. 

HubSpot Produkt-Team
HubSpot Produkt-Team

@moodoir no problem! We do hope to provide SSO functionality in the future, just no concrete timelines yet!

Berater

Hi Dillon, is this out of beta testing now? Thanks.

HubSpot Produkt-Team
HubSpot Produkt-Team

@moodoir yes, it's been released to all HubSpot users at this point. Even though it's no longer in beta, we practice iterative development so feedback is always helpful, and we're likely to make changes/improvements in the future. Feel free to shoot me a message or post here if you have any feedback!

Berater

@dilloncompton when will we be able to enforce two factor on all new users? 

HubSpot Produkt-Team
HubSpot Produkt-Team

Hi @Maurits,

 

Please see: https://community.hubspot.com/t5/HubSpot-Ideas/Two-factor-authentication-for-HubSpot-portal/idc-p/18...

We have heard the feedback but there is not yet a timeline for this change.

Mitwirkender

While I realise I can't enforce 2FA on all users at the moment is it possible to check which users have enabled 2FA?

Mitwirkender

to second what neilw is saying - it would really nice to see who has it enabled.

 

It would also be nice for Super Admins to:

  • Be able to force a user to re-enroll (say if they lose their phone and don't have backup codes)
  • Disallow SMS and mandate an authenticator app as a method as the SMS method has been proven to have some vulnerablities. 

Lastly the use of Language which specifies Google Authenticator is confusing to less technical users. Other Authenticator Apps work (Microsoft, Salesforce, Duo). Referring to it as Authenticator App would be less confusing.

 

Berater

Agree with TB1.

I forgot my phone the other day and it was a 48 hour turnaround time by HubSpot. I had to ask an external admin to register me on my personal email address to get back in. All a bit painful really. There has to be a better back up plan.

 

Berater

Although having 2FA now available via SMS, our company uses Duo Access Gateway and unfortunately I've just heard this isn't on HubSpot's roadmap. Surely this isn't a big development?

Mitwirkender

Ref 2FA

Just to let the forum know we have got fed up waiting for Hubspot to deal with this and have cancelled and are implementing Salesforce who have proper 2FA which we will be operating through OKTA.

I suggest that all of you concerned about security and user managment urgently consider moving away from Hubspot. The cost of not doing so could far outweigh the cost of moving.

Hubspot-Mitarbeiter
Hubspot-Mitarbeiter

Hey all! I wanted to update on this thread to solicit some feedback around a new 2FA development we're currently rolling out. It will allow admins on an account to assist their users with getting their 2FA removed, & not require contacting the HubSpot support team. Currently, this functionality is available only for users who are on one HubSpot account. If you'd like to try this new functionality, please shoot me a direct message including your hub ID, & I can get you set up.