Enabling Multi-Factor Authentication (MFA) for Your Lagoon Account#

Overview#

Multi-Factor Authentication (MFA) adds an extra layer of security to your Lagoon account by requiring a second verification method in addition to your password. This article explains how to enable and manage MFA for your Lagoon account.

Who Can Enable MFA?#

All Lagoon users can enable MFA for their accounts, regardless of role or permission level.

How to Enable MFA#

Access Your Account Settings:
Log in to your Lagoon dashboard
Click on your profile menu in the top-right corner
Select the "Account" option from the dropdown menu
Navigate to Keycloak:
This will redirect you to the Keycloak authentication page where you can manage your security settings
Set Up MFA:
In the Keycloak interface, locate the "Authenticator" or "Two-Factor Auth" section
Follow the on-screen instructions to set up your preferred MFA method (typically using an authenticator app like Google Authenticator, Authy, or Microsoft Authenticator)
Scan the provided QR code with your authenticator app
Enter the verification code generated by your app to confirm setup

Supported MFA Methods#

Depending on your organization's configuration, you may have access to one or more of the following MFA methods:

Time-based One-Time Password (TOTP) via authenticator apps
SMS verification
Email verification
Security keys (if supported by your organization)

Tips for Using MFA#

Store Backup Codes: During setup, you may be provided with backup codes. Save these in a secure location in case you lose access to your primary authentication method.
Keep Apps Updated: Ensure your authenticator app is kept up to date for the best security and compatibility.
Multiple Devices: Consider setting up your MFA on multiple devices as a backup.

Need Help?#

If you encounter any issues while setting up or using MFA:

Contact your organization's Lagoon administrator
Reach out to our support team through your designated support channel
Reference your account ID when requesting assistance