Skip to main content

Multi-Factor Authentication

Multi-factor authentication (MFA) adds a second check to VeloDB Cloud console sign-in, on top of the password. It applies to organization members signing in to the control plane. It does not affect warehouse users that connect over MySQL or JDBC, which authenticate with their own credentials (see Warehouse Users and Roles).

MFA works at two scopes:

  • Account MFA: any member can add a second factor to their own account, whether or not the organization requires it.
  • Organization MFA: an Organization Admin can require every member to use MFA. Once enforced, members who have not set up a second factor are prompted to add one at their next sign-in.

Supported methods

VeloDB Cloud offers two second factors:

  • Authenticator app: any standard app that generates time-based one-time passwords (TOTP) works, including Google Authenticator, Microsoft Authenticator, Authy, and 1Password. You scan a QR code once during setup, and the app then produces a verification code that refreshes periodically.
  • SMS: a one-time code sent to your phone by text message.

Set up MFA for your account

Any member can add a second factor to their own account at any time.

  1. Click your profile area in the bottom-left corner of the console to open the account menu, then go to Settings → Security under Account.
  2. Under Multi-Factor Authentication, click Add Authentication Method, then choose Authenticator App or SMS.
  3. Finish setup for the method you chose:
    • Authenticator app: download any standard authenticator app (such as Google Authenticator, Microsoft Authenticator, or Authy), scan the QR code shown in the console, then enter the generated code to confirm.
    • SMS: enter your phone number, then enter the code sent to it by text message.

security-mfa

Once added, the method appears under Multi-Factor Authentication, and VeloDB Cloud asks for a code the next time you sign in.

Enforce MFA for your organization

Only Organization Admins can require MFA for the whole organization.

  1. Click your profile area in the bottom-left corner of the console to open the account menu, then go to Settings → Authentication under Organization.
  2. Turn on Multi-Factor Authentication.

mfa-settings

After you turn it on, every member must use a second factor to sign in. Members who have not yet set up MFA are required to add a method at their next sign-in before they can reach the console.

MFA and SAML single sign-on

Members who sign in through SAML single sign-on authenticate against your identity provider, so VeloDB Cloud does not add its own MFA challenge for them. To require MFA for SAML users, configure the MFA policy in your identity provider instead.

See also

  • Members: invite members, assign roles, and manage organization access.
  • SAML Single Sign-On: authenticate members through a corporate identity provider.