We're experiencing difficulty. Our engineers are on it. Please check status.mailgun.com for real-time updates.

Return to Mailgun.com

2FA Setup

  1. Mailgun Help Center
  2. Mailgun Help Center
  3. Account Management
2FA Setup

Note: This process applies only to Mailgun-direct accounts. If you use Mailgun through services such as Rackspace or Heroku, 2FA and password resets would need to be handled via that service’s corresponding processes. You'll want to contact their support for assistance in such cases.

Enabling Two-Factor Authentication (also known as 2FA) is one of the best ways to secure your account from unauthorized access.  It requires two steps - two layers if you will - of authentication as an extra security buffer to ward off malicious actors.  As such, we recommend ensuring all users on the account take advantage of this important security measure.

Enabling 2FA

This is a quick, simple process that requires only two elements: 

  • Something you know: as in, your account’s password
  • Something you have: as in, a physical device, like your cell phone or computer

To start, you’ll need to choose a 2FA application for your physical device.  This application will generate a new 6-digit token (or code) every 60 seconds while the application is open, and it is this code that you will utilize while logging in to the Mailgun Control Panel.  There are a number of authentication applications, but a few solid options to consider include: 

Once your 2FA application is installed on your physical device, it's time to activate 2FA on your Mailgun account. To start, log in to your Mailgun control panel.

Inside the Mailgun Control Panel:

  1. Navigate towards the top-right of the page next to your username, click the down-arrow, and then select the Account option. Alternatively, you can use this direct link
  2. On the resulting page, you will see various groups, or sections, of settings. In the Authentication section, locate the 2FA field. 
  3. Click the light grey Activate 2FA button, which will reveal the critical information detailed below!
    • IMPORTANT: You'll first see a QR code, but, before proceeding, first scroll down and copy the 64-character paper key by clicking Download Key underneath the heading Download your account recovery "paper key." 
      • Ensure you store it in a secure location! 
      • This key is vital in recovering your account in the event that your 2FA device is lost, stolen, or malfunctioning!
    • Open the authentication application installed earlier to add Mailgun as a new account.  This is accomplished in one of two ways (either is perfectly fine):
      • Scan the QR code displayed in your Mailgun Control Panel
      • Enter the 16-digit token beneath the QR code.
  4. Once you've downloaded your paper key, stored it in a secure location, and used your device either to scan the QR code or enter the 16-digit token beneath it, click the Continue 2FA Activation button.  
    • Do not close this popup until 2FA has been successfully activated.
    • If the popup is closed before fully activating 2FA, remove the account from your device and restart step 2. 
  5. Now that the Mailgun account has been added to the authentication application, verify that a 6-digit code appears that refreshes every 60 seconds.
  6. The Mailgun Control Panel should now prompt you for a code.  Supply the 6-digit token (or code) from the authentication application on your physical device and click the Activate button
  7. If the code was entered correctly, the popup will close and the screen will display a light grey Deactivate 2FA button.  No need to click it; we mention it only because it is one indication that the 2FA setup was successful!

The next time you log in to the Mailgun Control Panel, you'll enter your email address and password as usual. However, an additional screen will prompt for the 6-digit code from your authentication application.

Enforcing 2FA For All Users On The Account

If you so choose, an admin user can enforce 2FA for all users on an account. In order to do so, the admin user must have 2FA already enabled on their own user.

Inside the Mailgun Control Panel:

  1. Navigate towards the top-right of the page next to your username, click the down-arrow, and then select the Account option. Alternatively, you can use this direct link
  2. On the resulting page, you will see various groups, or sections, of settings. In the Account settings section, locate the Force user auth scheme field. 
  3. Click the light grey Require TFA button.
  4. In a popup form, you will be presented with 2 options before clicking the Save button:
    1. Clear all user sessions: This option will clear any currently active sessions (logged-in users) and will require all users to enable 2FA immediately.
    2. Allow user sessions to stay logged in: This option will allow users to continue in their currently active sessions and set up 2FA once their current sessions expire.  Upon the next login, all users will be directed to set up 2FA prior to being allowed to access the account.

 

If any questions arise, just reach out to our Support team via the Support option in your Mailgun control panel!

Related articles

All systems go

Mailgun seems to be fully operational with no issues.

Small outage

It appears one of our services is having difficulty.

There's a problem

It appears one of our services is having difficulty.

Documentation

Our elegant API docs answer lots of questions.

Our blog

Walkthroughs & tutorials directly from our team.

Other Helpful Resources

Try StackOverflow

Our robust community of colleagues answers plenty of questions every single day.

Submit a support ticket

If our Q&A hasn’t helped and your issue seems to be unique, submit a support ticket and we’ll help!