content/operate/rc/security/access-control/multi-factor-authentication.md
To reduce the chances of unauthorized access, Redis Cloud allows users to enable multi-factor authentication (MFA).
When MFA is enabled, users must enter their username, password, and an authentication code when signing in. MFA requires a mobile device that can receive these authentication codes over text messaging. In addition, you may use an authenticator app such as Google Authenticator as one of your factors.
To further increase the security of the account, the account owner can require MFA enforcement for all users.
{{< note >}} Once you enable MFA, it will be required to access every account that belongs to you. Deactivating MFA enforcement on an account does not deactivate MFA enforcement for other users of that account who have defined a phone number. To deactivate MFA enforcement for other users, those users will each need to deactivate MFA enforcement for their own user accounts. {{< /note >}}
Each user can enable and configure MFA for their account. The default MFA configuration sends an authentication code by text message that users must enter when they sign in.
To configure MFA for your user account:
1. Sign in to your account.

1. From the Redis Cloud console menu, select your name and then User Profile from the drop-down menu.

    {{<image filename="images/rc/multi-factor-authentication-user-dropdown.png" width="300px" alt="Use the user drop down menu to get to the User Profile section." >}}

1. Under your user profile, locate Multi-factor authentication.

    {{<image filename="images/rc/multi-factor-authentication-user-profile.png" alt="Multi-factor authentication is located on the user profile page." >}}

1. Enter your mobile phone number in the Text message box and then select Send code.

1. You will receive a confirmation code sent by text message. Enter the code when prompted by the Redis Cloud console and select Verify.

Your account is now configured for MFA.
{{< note >}} We recommend that you also configure MFA for an authenticator app as an additional factor. {{< /note >}}
If you cannot sign in to your account because of MFA, please contact support.
If your mobile phone is lost or stolen, make sure that you update the MFA configuration to prevent unauthorized sign-ins.
To change the mobile phone number used for MFA:
After you configure MFA for text messages, you can also configure MFA to work with a time-based one-time password (TOTP) app such as Google Authenticator.
When you sign in to the Redis Cloud console, you can select either an authentication code sent by text message or an authentication code shown in your authenticator app.
To configure MFA for an authenticator app:
You can now use either a text message code or an authenticator app code as your second factor when signing in.
You can deactivate MFA for your user account. To deactivate MFA, go to your profile, locate Multi-Factor Authentication, and select Deactivate.
Account owner users can enable MFA enforcement for all users in their account. After MFA is enforced for the account, all users who do not have MFA enabled will be required to configure MFA the next time they sign in to the Redis Cloud console.
{{< note >}} Redis Cloud does not enforce MFA for [SAML SSO]({{< relref "/operate/rc/security/access-control/saml-sso" >}}) users since the identity provider handles MFA management and enforcement. {{< /note >}}
To enable MFA enforcement for all user accounts:
1. Sign in as an account owner.

1. Go to Account Settings.

1. Under Security, switch the MFA environment toggle to On.

    {{<image filename="images/rc/multi-factor-authentication-force-all-users-on.png" alt="Multi-factor authentication toggle for all users on." >}}

{{< tip >}} Notify all of your Redis Cloud console users before enabling MFA enforcement. {{< /tip >}}