For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Sign inTry it free
DocsGuidesSDKsIntegrationsAPI docsTutorialsFlagship blog
DocsGuidesSDKsIntegrationsAPI docsTutorialsFlagship blog
  • Get started
    • Overview
    • Onboarding
    • Get started
    • Launch Insights
    • LaunchDarkly architecture
    • LaunchDarkly vocabulary
  • AgentControl
    • AgentControl
    • Manage AgentControl
  • Feature flags
    • Create flags
    • Target with flags
    • Flag templates
    • Manage flags
    • Code references
    • Contexts
    • Segments
  • Releases
    • Releasing features with LaunchDarkly
    • Release policies
    • Percentage rollouts
    • Progressive rollouts
    • Guarded rollouts
    • Feature monitoring
    • Release pipelines
    • Engineering insights
    • Release management tools
    • Applications and app versions
    • Change history
    • Restoring previous flag versions
  • Observability
    • Observability
    • Session replay
    • Error monitoring
    • Logs
    • Traces
    • Observability metrics
    • Product analytics events
    • LLM observability
    • Alerts
    • Dashboards
    • Service map
    • Vega for auto-remediation
    • Observability MCP server
    • Search specification
    • Observability settings
    • Observability integrations
  • Experimentation
    • Experimentation
    • Experiment metric types
    • Experiment configuration
    • Managing experiments
    • Analyzing experiments
    • Multi-armed bandits
    • Holdouts
  • Metrics and events
    • Metrics in LaunchDarkly
    • Creating metrics
    • Metric groups
    • Events
    • Autogenerated metrics
  • Warehouse native
    • Warehouse native metrics
    • Setting up external warehouses
    • Creating experiments using warehouse native metrics
  • Infrastructure
    • Connect apps and services to LaunchDarkly
    • LaunchDarkly in China and Pakistan
    • LaunchDarkly in the European Union (EU)
    • LaunchDarkly in federal environments
    • Public IP list
  • Your account
    • Projects
    • Views
    • Environments
    • Tags
    • Teams
    • Members
    • Roles
    • Account security
      • Single sign-on
      • API access tokens
      • Multi-factor authentication
      • Domain verification
      • IP allowlist
      • Managing sessions
      • Organization access settings
      • Organization announcements
      • Support options
      • Resetting your password
    • Feature previews
    • Billing and usage
    • Changelog
Sign inTry it free
LogoLogo
On this page
  • Overview
  • About multi-factor authentication
  • Set up MFA
  • Log in with MFA
  • Use your recovery codes
  • Account administration for MFA
Your accountAccount security

Multi-factor authentication

Was this page helpful?
Previous

Domain verification

Next
Built with

Overview

This topic explains how to set up and use multi-factor authentication to improve the security of your LaunchDarkly account.

About multi-factor authentication

Multi-factor authentication (MFA) requires you to use a second verification step in addition to your password to log in to a service, app, or website.

In LaunchDarkly, you can enable MFA for your individual account, which requires you to enter a verification passcode from a free authenticator application you install on a mobile device.

Administrators can also require all newly invited account members on the team to enable MFA when they first log in.

We strongly recommend that all LaunchDarkly account members enable MFA for their account, and that administrators enforce MFA for their entire organization.

Set up MFA

Before you begin, install a compatible authenticator application on your mobile device. We recommend Google Authenticator, but any TOTP authenticator application should work well.

To enable MFA for your account:

  1. Click your member icon in the left sidenav. A menu appears.
  2. Click Personal settings. Your profile page appears.
  3. Click Enable MFA. A dialog with a QR code appears.
  4. Launch the authenticator application on your mobile device and hold the camera up to your screen to scan the code. When the QR code scans, a six-digit code appears on your mobile device.
  5. Enter the six-digit code from your authenticator application in the text box in LaunchDarkly.
  6. Click Continue. A confirmation dialog with recovery codes appears. Save these recovery codes in a secure location in case your MFA device is lost or stolen.
  7. Click Complete.

If you lose access to the mobile device with your MFA settings, you can use one of these recovery codes to access your account and reset your MFA settings.

Do not lose your recovery codes

Store your recovery codes in a safe location other than your mobile device. If you lose your recovery codes and cannot access your account, you must contact a LaunchDarkly administrator for help. They can send you a new recovery code.

Log in with MFA

When MFA is enabled, you’re required to enter a code from your authenticator app each time you log in to LaunchDarkly.

The first step of the login flow doesn’t change. You must enter your email address and password. After your credentials are verified, an MFA login screen appears.

Enter a valid passcode from your authenticator app within five minutes. If you don’t do this quickly enough, you must re-enter your password and a new code.

Use your recovery codes

If you’ve lost access to your device or your authenticator application, click the link on the MFA login screen to log in with one of your recovery codes.

When you use a recovery code, you’ll be sent to your profile page. When this happens, reset your MFA settings and generate new recovery codes immediately.

Recovery codes are single-use

Once you’ve logged in with a recovery code, reset your MFA settings immediately. You can only use recovery codes once, so every time you use one, you should generate new recovery codes and store them in a safe location as soon as possible. If you’ve lost your device and do not have access to any of your recovery codes, contact an administrator for your organization’s LaunchDarkly account. Your administrator can send you an email with a new recovery code.

Account administration for MFA

Editing MFA settings is an Admin-only feature

Editing MFA settings is only accessible if you have a LaunchDarkly Admin organization role, or an Owner base role, or another role that allows the updateRequireMfa action. If you have the appropriate permissions you can require all newly invited account members to enable MFA. To learn more, read About member roles and Account actions.

To require multi-factor authentication:

  1. Click the gear icon in the left sidenav to view Organization settings.
  2. Click Security.
  3. In the “Multi-factor authentication” section, check the Require multi-factor authentication for new members checkbox.
  4. Click Save.

When this setting is enabled, any new account members you invite must set up MFA for their account when they first log in. In addition, if this setting is enabled, account members cannot disable MFA for their account.

Admins can also view whether account members have MFA enabled on the individual member’s Settings page. If a member does not have MFA enabled, admins can send an email requesting that the account member enable MFA.

Finally, if an account member with MFA enabled loses their device and no longer has access to their recovery code, administrators can send them an email with a new recovery code.