> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/security/multifactor.md).

# Multifactor

Configure multifactor authentication (MFA) in Devolutions Server to add an extra layer of security to the application.

Devolutions Server supports multiple types of MFA. You can configure a default MFA type for your entire organization or configure MFA user by user. When MFA is configured, users log in with their username/password as well as an MFA product.

### Configure multifactor authentication from the web interface

1. To access the MFA configuration, navigate to ***Administration – Server settings – Multifactor***.
2. The first option is to choose how you want to enforce multifactor authentication. To do so, click on the information icon next to ***MFA usage*** to go to the ***Conditional access policies*** section.

   <figure><img src="https://cdnweb.devolutions.net/docs/docs_en_server_ServerOp2061.png" alt=""><figcaption></figcaption></figure>
3. Select a ***Target*** (***Login*** or ***MFA***).

   <figure><img src="https://cdnweb.devolutions.net/docs/docs_en_server_ServerOp6001.png" alt=""><figcaption></figcaption></figure>
4. If you chose the ***MFA*** in the last step, select a ***Default action when no policy matches*** between the following:
   * ***MFA required***: MFA is enforced for all users. A default MFA type is set for all users.
   * ***MFA skipped***: MFA is not enforced.
   * ***MFA optional per user***: MFA is enforced on an individual basis. The administrator chooses who uses MFA and what product or technology they use. Choose this option if not all users are set up for multifactor authentication.

{% hint style="info" %}
When MFA usage is set to ***MFA optional per user*** , the MFA method must be configured in ***Administration – users*** for each user. Edit or add a user, then go to the ***Multifactor*** section to configure it. You can also set an MFA type on the user if they are using a product different than the default method. See [Multifactor (edit user)](https://docs.devolutions.net/server/web-interface/administration/security-management/users/edit-user-two-factor/).
{% endhint %}

![](https://cdnweb.devolutions.net/docs/docs_en_server_ServerOp6003.png)

5. Back to the ***Multifactor*** section, choose who to send the reset email to between ***Administrator(s)*** or a ***Specific email*** (in which case you must specify the email in the ***Specific email*** field).

   <figure><img src="https://cdnweb.devolutions.net/docs/docs_en_server_ServerOp2064.png" alt=""><figcaption></figcaption></figure>
6. Check the boxes next to the supported authenticators that you want to enable. You can choose as many as necessary.

{% hint style="info" %}
The currently supported multifactor authenticators are Authenticator (TOTP), Yubikey, Email, [SMS](https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/security/two-factor/sms/), Duo, and Radius. You must configure them separately using the instructions next to them. Emails need to be configured beforehand in Devolutions Server for the ***Email*** and ***SMS*** (without Twilio) MFAs.
{% endhint %}

![](https://cdnweb.devolutions.net/docs/docs_en_server_ServerOp2065.png)

7. Select the ***Default*** MFA between the ones you enabled in the previous step.
8. Select alternate ways to log in between ***Email*** and [***Backup codes***](https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/security/two-factor/backup-codes/). These options will be offered when users do not have access to their usual method.

   <figure><img src="https://cdnweb.devolutions.net/docs/docs_en_server_ServerOp2066.png" alt=""><figcaption></figcaption></figure>
9. Click ***Save***.

#### See also

* [Devolutions Academy – Enforce MFA for users from Devolutions Server web interface](https://academy.devolutions.net/student/page/2747690-enforce-mfa-for-users-from-devolutions-server-web-interface?curriculum_activity_id=4182448\&path_id=2628397\&sid=8d455496-2d95-447f-9246-9311ad0fcf8b\&sid_i=0)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/security/multifactor.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.