Skip to main content
To add an additional layer of security to your Openlayer account, you can enable multi-factor authentication (MFA). This feature requires you to provide a second form of verification when logging in. Openlayer supports the following MFA method:
  • Authenticator App: Use an authenticator app like Google Authenticator, Authy, or 1Password to generate a time-based one-time password (TOTP).

Enabling Multi-factor Authentication

1

Navigate to Account Settings

Go to Workspace settingsAccountAuthentication
2

Enable the Authenticator App

In the “Authenticator app (TOTP)” section, click Enable
3

Set up your authenticator app

Follow the setup steps (see below)
4

Verify your setup

Enter the 6-digit code from your authenticator app to confirm
5

Save your recovery codes

Store the recovery codes in a safe place (see Recovery Codes section below)
The Authentication page shows options to require MFA, enable an authenticator app, and generate recovery codes: Authentication settings with MFA options

Configuring an Authenticator App (TOTP)

When you enable the authenticator app, you will see a setup dialog where you can scan a QR code or enter the setup key manually, then enter the 6-digit code from your app to verify: Enable authenticator app setup with QR code and verification
  1. QR code: Scan the QR code with your authenticator app (Google Authenticator, Authy, 1Password, etc.)
  2. Manual setup key: If you cannot scan the QR code, you can manually enter the setup key displayed on the screen (or copy it using the copy icon)
  3. Verification: Once added to your app, enter the 6-digit code it generates in the verification boxes and click Confirm
The authenticator app will generate a new code every 30 seconds. Use the current code when signing in to Openlayer.

Signing In with MFA Enabled

When you have MFA enabled on your account:
  1. Enter your email and password on the login page
  2. When prompted, enter the 6-digit code from your authenticator app, or use a recovery code if you don’t have access to your authenticator
  3. You will be signed in once the code is verified
If you lose access to your authenticator app, you can sign in using one of your recovery codes. Each recovery code can only be used once.

Recovery Codes

After setting up multi-factor authentication, you will receive recovery codes. These codes allow you to access your account if you lose access to your authenticator app. Recovery codes modal with copy and download options

Important Notes

  • Store codes securely: Save your recovery codes in a safe place (e.g., a password manager or secure note)
  • One-time use: Each recovery code can only be used once
  • Regenerate when needed: You can generate a new set of recovery codes at any time from SettingsAccountAuthenticationRecovery codesGenerate
  • Download or copy: You can download the codes as a text file or copy them to your clipboard when they are generated
Generating new recovery codes invalidates your previous set. Make sure to save the new codes and update your secure storage.

Managing MFA

Regenerating Recovery Codes

If you’ve used many of your recovery codes or suspect they may have been compromised, you can generate a new set:
  1. Go to SettingsAccountAuthentication
  2. Click Generate in the Recovery codes section
  3. Save the new codes securely—your previous codes will no longer work

Enforcing Multi-factor Authentication

Workspace admins can require MFA for all members of their workspace. When enforced, members must enable MFA on their account before they can access the workspace.

Prerequisites

  • You must be a workspace admin
  • You must have MFA enabled on your own account first before you can require it for workspace members

How to Enforce MFA for Your Workspace

1

Enable MFA on Your Account

If you haven’t already, enable MFA from SettingsAccountAuthentication
2

Navigate to Workspace Security Settings

Go to Workspace settingsSecurity and Privacy
3

Enable Require MFA

Toggle Require multi-factor authentication to enable
When MFA is required for a workspace:
  • New and existing members without MFA will be prompted to enable it before they can access the workspace
  • Members who try to sign in will be redirected to the Authentication settings page to complete MFA setup
  • Once MFA is enabled, they can proceed with normal sign-in (password + authenticator code or recovery code)

Frequently Asked Questions

Openlayer works with any TOTP-compatible authenticator app, including Google Authenticator, Authy, 1Password, Microsoft Authenticator, and similar apps.
If you’ve lost access to both your authenticator app and recovery codes, please contact our support team at support@openlayer.com. We can help verify your identity and assist with account recovery.
When using SAML SSO, MFA is typically handled by your identity provider (IdP). Openlayer’s built-in MFA applies to email/password authentication. If your workspace uses SAML SSO, configure MFA in your IdP settings.
Yes. Your authenticator app can store multiple accounts. When you add Openlayer, it will appear as a separate entry (e.g., “Openlayer (your@email.com)”) alongside your other accounts.
If you need to disable MFA on your account, contact our support team at support@openlayer.com. You may need to verify your identity before MFA can be disabled.