Introduction
GitHub provides the ability to enforce organization-wide 2FA. This setting is a global security mechanism that prevents new members from joining the organization without meeting the multi-factor authentication requirement.
Multi-factor authentication provides an additional layer of security and should be enabled wherever possible as part of a defence-in-depth posture. An attacker who has obtained a password would still be unable to log in to the account, because the login process also requires a multi-factor authentication token.
In this article we will see how to enforce organization-wide 2FA in GitHub.
Note: Enabling organization-wide 2FA also removes every current member who does not have 2FA enabled. Before applying this setting, make sure all current members have enabled 2FA, or keep a list of the members who will need to be added back to the organization afterwards.
Enforce Organization-wide 2FA
Following are the steps to enforce organization-wide 2FA:
- Log in to your GitHub account and navigate to the Organization for which you want to enforce 2FA
- On the Organization main page, click on Settings
- Under the Security section, click on Authentication security
- Check the box for Require two-factor authentication for everyone in your organization and click on Save
- A pop-up will appear asking you to confirm the action and listing the users who will be removed from the Organization as a result. It will prompt you to confirm the Organization name. Provide the organization name and click on Remove members & require two-factor authentication
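Before clicking through the steps above, it is worth knowing in advance who the confirmation pop-up will list for removal and whether the requirement is already in force. The following script is an added example (not code from the original article or from Kloudle); it assumes a token with read:org scope in GITHUB_TOKEN, the organization login in GITHUB_ORG, and the documented GitHub REST fields and query parameter named in the comments, and it falls back to constructed sample data so it can be run offline.

```python
# Added pre-flight check (not from the original article). Assumes GITHUB_TOKEN holds a
# token with read:org scope and uses two GitHub REST endpoints:
#   GET /orgs/{org}                              -> "two_factor_requirement_enabled"
#   GET /orgs/{org}/members?filter=2fa_disabled  -> members lacking 2FA (paginated)
import json
import os
import urllib.request

API = "https://api.github.com"

def github_get(path, token):
    """GET an API path with a bearer token and return the parsed JSON body."""
    req = urllib.request.Request(API + path, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
    })
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def members_without_2fa(pages):
    """Flatten paginated member listings into a sorted, de-duplicated login list."""
    return sorted({m["login"] for page in pages for m in page if "login" in m})

def enforcement_report(org_json, pages):
    """Report whether 2FA is already required and who would be removed by enabling it."""
    return {
        "enforced": bool(org_json.get("two_factor_requirement_enabled")),
        "would_remove": members_without_2fa(pages),
    }

def fetch_report(org, token):
    """Live variant: page through the members listing until an empty page comes back."""
    pages, page = [], 1
    while True:
        data = github_get(f"/orgs/{org}/members?filter=2fa_disabled&per_page=100&page={page}", token)
        if not data:
            break
        pages.append(data)
        page += 1
    return enforcement_report(github_get(f"/orgs/{org}", token), pages)

# Constructed sample responses so the check can be exercised offline.
SAMPLE_ORG = {"login": "example-org", "two_factor_requirement_enabled": False}
SAMPLE_PAGES = [[{"login": "alice"}, {"login": "bob"}], [{"login": "carol"}, {"login": "bob"}]]

if __name__ == "__main__":
    token, org = os.environ.get("GITHUB_TOKEN"), os.environ.get("GITHUB_ORG")
    report = fetch_report(org, token) if token and org else enforcement_report(SAMPLE_ORG, SAMPLE_PAGES)
    print(json.dumps(report, indent=2))
```

Keep the `would_remove` list from the live run; it is the same set the confirmation pop-up shows and the list you will need if members have to be re-invited after they enable 2FA.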

Riyaz Walikar
Founder & Chief of R&D
Riyaz is the founder and Chief of R&D at Kloudle, where he hunts for cloud misconfigurations so developers don’t have to. With over 15 years of experience breaking into systems, he’s led offensive security at PwC and product security across APAC for Citrix. Riyaz created the Kubernetes security testing methodology at Appsecco, blending frameworks like MITRE ATT&CK, OWASP, and PTES. He’s passionate about teaching people how to hack—and how to stay secure.