How to enforce two-factor authentication (2FA) on Slack

Configuring and enforcing in Slack is simple, with a minimal number of options. Read this guide to learn about the steps you'll need to take and the things we think you should think about.

Before you start

Get business buy-in

Big changes that people notice tend to benefit from an executive sponsor to lend weight behind the change - you'll know better than us whether that makes sense for your organisation. You can read for some pointers.

Prepare your support team

When adopting MFA, some users may struggle with the process of enrolling for MFA, or need help if they lose their MFA token or device after setup. Users will have a much better experience of MFA, and work disruption kept to a minimum, if the IT support team (or person as the case may be) is prepared to support both enrolment and recovery, and can get them back on their feet quickly.

To make sure everything goes smoothly when something goes wrong, we recommend you make sure anyone responding to support requests tests or practices these processes using a test account.

Let's get started

Set things up

Configuring 2FA in Slack should be pretty simple.

You have two choices of approach:

  1. Default rollout: configure 2FA enforcement, giving everyone 24 hours to register. After 24 hours, users are forced to register. If you're a small team, or your users are familiar with this process, this is a great way to get the job done quickly.

  2. Soft rollout: if you're worried allowing only 24 hours will cause undue disruption, you can encourage users to register over time. Once a significant user base is enrolled and using 2FA, configure 2FA enforcement to give remaining users 24 hours to register.

Enforcing 2FA

Once you're ready, it's time to set up enforcement - follow the steps in this guide. Once setup, Slack will message anyone left to register giving them 24 hours notice - you'll see a preview of the exact message before it goes out.