Who can use this feature?
🔐 Only team owners and admins can enforce two-factor authentication (2FA).
⭐️ Available on the Business plan.
You can enable an option to enforce two-factor authentication (2FA) for all members of your team, and optionally for guests. This makes it mandatory for everyone covered by the policy to have 2FA set up on their account before they can access the team.
1. Log in to Nuclino.
2. Make sure you have 2FA enabled on your own account first. See Configure two-factor authentication (2FA).
3. Open your Team settings by opening the main menu in the top left corner of the app, clicking on your team name, and then choosing Team settings.
4. Go to the Authentication section and enable the Enforce 2FA login option. You can also choose to Enforce 2FA login for guests.
5. Click Save changes.
The following occurs:
All team members who do not have 2FA set up yet receive an email prompting them to enable it. The email can be resent by an admin via Team settings › Members › Team member › More › Send 2FA setup reminder.
Team settings › Members › Team member shows whether a given team member has already set up 2FA: the status reads 2FA if they have, or 2FA pending if they have not enrolled yet.
The next time an affected team member opens Nuclino, they will be required to set up 2FA before they can continue. Active sessions in already-open tabs are not interrupted, but any reload, new tab, or new login will trigger the requirement.
Existing 2FA setups are preserved. Members who already had 2FA enabled are unaffected.
Members keep their existing passwords. Unlike SSO enforcement, 2FA enforcement does not change how members sign in; it only adds a second factor.
Pending email invites and the team invite link continue to work normally. Invitees who do not yet have 2FA will be required to set it up the first time they access the team.
2FA enforcement and SAML-based SSO enforcement are mutually exclusive. If your team enforces SSO, the SSO provider is responsible for second-factor authentication and Nuclino's per-account 2FA cannot be used. To switch from SSO enforcement to 2FA enforcement (or vice versa), disable the active option first.
To turn off enforcement, return to Team settings › Authentication, disable the Enforce 2FA login toggle, and save. Team members who already set up 2FA keep their setup; new members will no longer be required to enroll.