From def0de5adf06f29cf91b38ba7a0459d0c7fe00e7 Mon Sep 17 00:00:00 2001 From: James Hill Date: Tue, 19 Sep 2023 22:18:12 +1000 Subject: [PATCH] Add Enforce 2FA documentation Enforce 2FA is a feature for all organizations who want to ensure that all users of their organization have 2FA enabled before they can access their organiztion. Enforce 2FA is part of the Q3 releas. --- data/nav.yml | 2 ++ pages/team_management.md | 1 + pages/team_management/enforce_2fa.md | 28 ++++++++++++++++++++++++++++ pages/tutorials/2fa.md | 8 ++------ 4 files changed, 33 insertions(+), 6 deletions(-) create mode 100644 pages/team_management/enforce_2fa.md diff --git a/data/nav.yml b/data/nav.yml index b9a4037608..30f340438e 100644 --- a/data/nav.yml +++ b/data/nav.yml @@ -314,6 +314,8 @@ path: "team-management" - name: "User and team permissions" path: "team-management/permissions" + - name: "Enforce 2FA" + path: "team-management/enforce-2fa" - name: "Governance" children: - name: "Overview" diff --git a/pages/team_management.md b/pages/team_management.md index b05209cbbd..e52ca2933d 100644 --- a/pages/team_management.md +++ b/pages/team_management.md @@ -7,4 +7,5 @@ toc: false Team management is fundamental in CI/CD tools to ensure streamlined processes, proper access controls, and efficient collaboration. Buildkite provides features for your team management needs: - [User and team permissions](/docs/team-management/permissions) +- [Enforce 2FA](/docs/team-management/enforce-2fa) - [Managing API access tokens](/docs/apis/managing-api-tokens) (under the APIs section) diff --git a/pages/team_management/enforce_2fa.md b/pages/team_management/enforce_2fa.md new file mode 100644 index 0000000000..5f6884b6b3 --- /dev/null +++ b/pages/team_management/enforce_2fa.md @@ -0,0 +1,28 @@ +--- +keywords: docs, tutorials, 2fa +--- + +# Enforce Two-factor authentication (2FA) + +Two-factor authentication can be enforced for the whole organization to ensure that all users who access +the organization have Two-factor authentication enabled. + +## Before enforcing Two-factor authentication + +Before you enforce Two-factor authentication for your organization, consider +any users without 2FA already enabled setup will immediately lose access to the +organization and subsequent pipelines. + +Users can set up Two-factor authentication by following this [tutorial]. + +## Steps to enforce Two-factor authentication + +To enforce Two-factor authentication: + +- You must be logged in as an Administrator +- Vist the Organization's [security settings] +- Check **Enforce Two-factor authentication** +- Click **Update Access Control** + +[security settings]: +[tutorial]: <../tutorials/2fa> diff --git a/pages/tutorials/2fa.md b/pages/tutorials/2fa.md index 1982ddca95..b9cb849c80 100644 --- a/pages/tutorials/2fa.md +++ b/pages/tutorials/2fa.md @@ -54,12 +54,8 @@ You need to ask the administrator of your Buildkite organization to remove your ## Enforcing two-factor authentication for the whole organization -Currently, it's not possible to enforce 2FA in Buildkite for members of an organization. However, you can check the current 2FA status using the [User Settings](https://buildkite.com/user/settings) page for your organization. You'll see a 2FA badge next to the users who have it enabled. - -<%= image "2fa-8.png", width: 866, height: 222, alt: "Checking Two-Factor Authentication Status of a User" %> - -If conducting a regular audit is not enough, many SSO providers can enforce 2FA. In turn, Buildkite can enforce SSO for members of an organization. If you're already using an SSO provider this may be a solution. Read more about [using SSO with Buildkite](/docs/integrations/sso). - +Organziation administrators who would like to enforce two-factor authencation +across their entire organization can do so following the [Enforce 2FA](../team-management/enforce-2fa) guide. [1Password]: [OTP Auth]: