Skip to main content

Enable two-factor authentication (2FA)

When 2FA is enabled on your account, you must always have at least one other sign-in method enabled, such as:

  • Password-only

  • Single Sign-On (SSO)

  • Client authentication certificate.

2FA requires two forms of authentication for sign-in: your primary method (password, SSO, or certificate) and a one-time password from an authenticator app.

Procedure

To enable 2FA:

  1. In DigiCert ONE, in the Manager menu (top right), select Account.

  2. In the left sidebar in Account Manager, select Accounts.

  3. On the Accounts page, select the Name of the account that needs two-factor authentication enabled.

  4. On the Account details page, go to the Sign-in settings for all-account-access users section and select the Two-factor authentication pencil (edit icon).

  5. On the Update two-factor authentication page, select Enable two-factor authentication.

  6. Select Update two-factor authentication to complete setup.

What's next

DigiCert ONE sends existing users in your account the Additional sign-in security for your DigiCert ONE account email. The email lets them know that the next time they sign in to DigiCert ONE, they will need to set up two-factor authentication.

The next time you add a new user, they will set up both forms of authentication when they update their account: password and an OTP device.