Browse Docs

Setting Up MFA for DefensX Backend

The recommended way to access the DefensX Backend is by using a Single Sign-On (SSO) provider such as Microsoft Entra ID, Google, or a generic SAML integration. If you’re only using SSO-based sign-in, you can also disable local sign-in from Settings → Global Settings for improved security.

When to Use Local Sign-In with MFA

If you need to maintain local user accounts for backend access (outside of SSO), we strongly recommend enabling Multi-Factor Authentication (MFA) to enhance account protection.

This guide walks you through configuring MFA using any authenticator app, including Microsoft Authenticator, Google Authenticator, or other TOTP-compatible applications.

How to Configure MFA

Note
 Only users with a local password can configure MFA. Users who sign in exclusively via SSO do not have local credentials and cannot enable MFA in DefensX.

Steps:

  • Log in to the DefensX Backend using your local account.

  • Click your avatar icon in the top-right corner to open the profile menu and click on the MFA Settings

mfa2

  • On the next screen, click on the Enable Two-Factor Auth button.

mfa3

  • Open your authenticator app on your mobile device.

  • Scan the QR code displayed on the screen to add your account.

mfa4

  • Enter your current password and the 6-digit code from the app to confirm setup.

mfa5

  • After successful setup, you’ll be shown a list of backup codes.

mfa6

Save these codes in a secure place in case you lose access to your authentication app.

Lost Access to Authenticator?

If you’ve lost access to your authenticator app and do not have your backup codes, don’t worry, an admin can help.

Any Customer Admin or Partner Admin with full read/write permissions can reset your MFA settings.

Steps for an Admin:

  • Go to Users in the DefensX Backend.

  • Locate the affected user and click Edit.

  • Uncheck the box labeled "2FA Auth Enabled?"

2fa disable

  • Click "Update User" to save the changes.

The user can now log in again and reconfigure MFA as needed.

Disabling MFA

Disabling MFA is not recommended, as it reduces the security of your account.

However, if you need to remove MFA enforcement on your account for any reason, you can do so by following these steps:

  • Click your avatar icon in the top-right corner of the DefensX Backend.

  • Select "MFA Settings" from the profile menu.

  • On the MFA settings page, click the Disable Two-Factor Auth button.

disable mfa

This will remove your current MFA configuration.

To avoid confusion in the future, it’s also recommended to remove the account from your authenticator app if you plan to re-enable MFA later.