Multi-factor authentication (MFA) improves the security of your account by requiring a second verification step in addition to your password to log in. In LaunchDarkly, you can enable multi-factor authentication for your individual account, which requires you to enter a verification passcode from a free authenticator application you install on your mobile device.
Administrators can also require all newly invited team members to enable multi-factor authentication when they first log in.
We strongly recommend that all LaunchDarkly users enable MFA for their account, and that administrators enforce MFA for their entire team.
Before you begin, you'll need to install a compatible authenticator application on your mobile device. We recommend Google Authenticator, but any TOTP authenticator application should work well.
To enable MFA for your account, navigate to your User Profile page and click the Enable MFA button.
A dialog containing a QR code will appear on your screen. Launch the authenticator application on your mobile device and hold the camera up to your screen to scan the code. Ensure that the entire code is centered on your device's screen.
Once the QR code has been successfully scanned, enter the six-digit code from your authenticator application and click "Continue".
You'll see a confirmation screen with a recovery code for your account. Store this recovery code in a safe location other than your mobile device. If you lose access to the mobile device with your MFA settings, you can use this recovery code to access your account and reset your MFA settings.
When MFA is enabled, you'll be required to enter a six-digit code from your authenticator app each time you log in to LaunchDarkly.
The first step of your login flow will remain unchanged: you'll be asked for your e-mail address and password. Once you've submitted this information, you'll see an MFA login screen prompting you for a six-digit code.
You must enter a valid code from your authenticator device within 5 minutes; otherwise, you'll be forced to re-enter your password.
If you've lost access to your device or your authenticator application, click the link on the MFA login screen to log in with your recovery code.
When you use your recovery code, you'll be sent to your account profile page, where you should reset your MFA settings and generate a new recovery code immediately.
Recovery codes are single-use
Once you've logged in with your recovery code, you should reset your MFA settings immediately. Recovery codes can only be used once, so you should generate a new recovery code and store it in a safe location as soon as possible.
If you've lost your device and do not have access to your recovery code, contact an administrator for your team's LaunchDarkly account. Your administrator can send you an e-mail with a new recovery code.
If you're a LaunchDarkly administrator or account owner, you can require all newly invited team members to enable MFA. To do this, click the checkbox under Your Organization on your Team page.
When this setting is enabled, any new team members you invite will be forced to set up MFA for their account when they first log in. In addition, if this setting is enabled, team members will not be able to disable MFA for their account.
Admins can also see whether team members have MFA enabled on the Team page. If a user does not have MFA enabled, admins can send an automatic reminder e-mail requesting that the team member enable MFA.
Finally, if a team member with MFA enabled loses their device and no longer has access to their recovery code, administrators can send them an e-mail with a new recovery code.