2FA Setup

Setting up Two-Factor Authentication

Setting up Two-Factor Authentication (2FA) is one of the best ways to secure your account from unauthorized access. This is a quick, simple process that requires two elements: 

• Something you know: as in, your account’s password
• Something you have: as in, a physical device, like your cell phone or computer

To start, you’ll need to choose a 2FA application that will generate the 6-digit code required to log in. There are a number of applications, but here are a few solid options: 

• Google Authenticator
• LastPass Authenticator
• Windows Authenticator
• Authy Authenticator 

Once your 2FA application is installed and ready to go, it's time to activate 2FA on your Mailgun account. To start, log in to your Mailgun control panel.

Inside the Mailgun Control Panel (options displayed down the left-hand side on a dark column), use the following instructions:

1. Click on Settings on the bottom left-hand side of your the Mailgun dashboard -> Scroll all the way down to 2FA. 
2. Click Activate 2FA.
• IMPORTANT: You'll first see a QR code, but, before proceeding, first scroll down and copy the 64-character paper key by clicking Download Key underneath the heading Download your account recovery "paper key." Make sure to store it in a secure location. This key is vital in recovering your account in the event that your 2FA device is lost, stolen, or malfunctioning.
• Open your 2FA application (one of the apps mentioned above, for example) and add a new account, usually by either scanning the QR code displayed in your Mailgun control panel at this panel, or by entering the 16-digit token under the QR code. Both are available in your Mailgun control panel after clicking Activate 2FA.
3. Once you've downloaded your paper key, stored it in a secure location, and used your device to either scan the QR code or enter the 16-digit token, click Continue 2FA Activation. Do not close out of this popup until 2FA has been successfully activated. If the popup is closed before fully activating 2FA, remove the account from your device and restart step 2. 
4. Once the account has been added to the app; a revolving 6-digit code is generated on the app. Supply the 6-digit code from your device into the blank in your Mailgun control panel,  and click Activate. If the code was entered correctly, the popup will close and you will see a green Deactivate 2FA button.

Enforcing 2FA on an account

If you so choose, an admin user can enforce 2FA for all users on an account. In order to do so, you must ensure that the admin user that is logged in already has 2FA enabled for their user. Once this is done, under Settings > Details > Account Details you will find the "Force auth scheme" section in which you can select the "Require TFA" button. You will be presented with 2 options:

• Clear all user sessions - This option will clear any logged in sessions and will require users to enable 2FA immediately
• Allow user sessions to stay logged in - This option will allow users to continue in their current session and setup 2FA once their session expires and they have to re login. 

Upon the next sign-in, all users will be directed to setup 2FA in order to continue to sign-in.