Set Up MFA for Critical Platforms

Learn how to set up and enforce MFA across AWS, GitHub, Bitbucket, Okta, Office365, and Google Workspace, and resolve failing Sprinto monitors.

Multi-Factor Authentication (MFA) is a critical control for securing user accounts across cloud and identity providers. Sprinto automatically monitors MFA status across integrated services and raises alerts if MFA is not enabled for specific users or accounts.

This guide covers how to enable MFA for key platforms and resolve failing monitors in Sprinto.


Platforms Covered

  1. AWS (Root and IAM users)

  2. GitHub (User and Org-level)

  3. Bitbucket

  4. Okta

  5. Office365 (Microsoft Entra ID)

  6. Google Workspace


How Sprinto Monitors MFA

For each connected service, Sprinto evaluates whether MFA is:

  • Enforced at the user or organisation level

  • Enabled for privileged accounts (e.g., root users, administrators)

  • Verifiable automatically through the integration, or requiring manual evidence upload

Sprinto raises a Failing status if MFA is not detected for one or more users, along with guidance to fix the issue.


MFA Setup Instructions

The setup instructions for each platform are given below.

1. AWS

Root User MFA

  1. Sign in to the AWS Console using the root account.

  2. Navigate to My Security Credentials.

  3. In the Multi-Factor Authentication (MFA) section, choose Activate MFA.

  4. Select Virtual MFA device, and follow the QR code and OTP setup.

  5. Confirm and save.

IAM User MFA

  1. Go to IAM > Users.

  2. Select a user → Security credentials tab.

  3. Under Assigned MFA device, choose Manage.

  4. Configure virtual or hardware MFA.
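Beyond the console steps above, it is useful to confirm the result for every identity at once. The following script is an added example (not part of this guide or Sprinto's tooling): it reads the AWS IAM credential report, which the `aws iam generate-credential-report` and `aws iam get-credential-report` CLI commands produce, and lists every console-capable identity (root included) that has no MFA device. The embedded report is a constructed sample using the report's real column names; the account ID and user names are made up.

```python
"""Audit an AWS IAM credential report for console users without MFA.

Added example, not Sprinto's or AWS's code. Assumes a CSV obtained with:
  aws iam generate-credential-report
  aws iam get-credential-report --query Content --output text | base64 -d > report.csv
Usage: python audit_mfa.py report.csv   (no argument: runs on the sample below)
"""
import csv
import io
import sys
from dataclasses import dataclass

# Constructed sample report (trimmed). Real reports carry more columns
# (access key and certificate fields); the parser reads only what it needs,
# so extra columns are harmless. Account ID and users are placeholders.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::123456789012:root,2021-01-05T10:00:00+00:00,not_supported,2024-03-01T08:12:00+00:00,not_supported,not_supported,false,false
alice,arn:aws:iam::123456789012:user/alice,2022-02-10T09:30:00+00:00,true,2024-03-02T14:05:00+00:00,2024-01-15T09:00:00+00:00,N/A,true,true
bob,arn:aws:iam::123456789012:user/bob,2022-06-21T11:00:00+00:00,true,no_information,2022-06-21T11:00:00+00:00,N/A,false,true
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2023-04-01T12:00:00+00:00,false,N/A,N/A,N/A,false,true
"""

ROOT = "<root_account>"  # how the credential report names the root user


@dataclass(frozen=True)
class Finding:
    user: str
    arn: str
    reason: str


def parse_report(text):
    """Parse credential-report CSV text into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def console_login_possible(row):
    """Root can always sign in to the console; IAM users only if a
    password is enabled. Access-key-only users are not MFA candidates."""
    return row["user"] == ROOT or row["password_enabled"].lower() == "true"


def users_without_mfa(rows):
    """Return a Finding for every console-capable identity whose
    mfa_active column is not 'true'."""
    findings = []
    for row in rows:
        if not console_login_possible(row):
            continue
        if row["mfa_active"].lower() == "true":
            continue
        reason = "root account without MFA" if row["user"] == ROOT else "console user without MFA"
        findings.append(Finding(row["user"], row["arn"], reason))
    return findings


def main(argv):
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_REPORT
    findings = users_without_mfa(parse_report(text))
    for f in findings:
        print(f"{f.user:20} {f.reason:28} {f.arn}")
    # Non-zero exit lets a scheduled job or CI step fail on any finding.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

On the sample, the root account and `bob` are reported; `alice` has MFA and `ci-deploy` has no console password, so neither appears. Note that the credential report can be up to four hours old, which is why the usage line regenerates it before downloading.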


2. GitHub

User-Level

  1. Go to Settings > Password and authentication.

  2. Enable Two-factor authentication.

  3. Set up via TOTP app or SMS.

Org-Level

  1. Navigate to Org Settings > Security > Authentication security.

  2. Enable the setting: Require two-factor authentication for all members.

  3. Confirm changes.
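Once the org-level requirement is on, the members who still lack 2FA can be pulled from GitHub's REST API rather than checked one by one. The script below is an added example (not Sprinto's or GitHub's code). It calls the real endpoint `GET /orgs/{org}/members?filter=2fa_disabled`, which only organisation owners may use, and follows the `Link` header for pagination; the network call is injected as a function so the logic runs offline against constructed responses for a made-up org called `example-org`.

```python
"""List GitHub organisation members who have not enabled 2FA.

Added example, not Sprinto's or GitHub's code. Real use needs an org owner
token with read:org scope in the GITHUB_TOKEN environment variable; without
it the script runs against the constructed FAKE_PAGES responses below.
"""
import json
import os
import re
import urllib.request

API = "https://api.github.com"


def _next_link(link_header):
    """Return the rel="next" URL from a GitHub Link header, or None."""
    if not link_header:
        return None
    for part in link_header.split(","):
        m = re.match(r'\s*<([^>]+)>;\s*rel="next"', part)
        if m:
            return m.group(1)
    return None


def http_fetch(url, token):
    """Real fetch: returns (decoded JSON body, Link header value)."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
    })
    with urllib.request.urlopen(req) as resp:
        return json.load(resp), resp.headers.get("Link")


def members_without_2fa(org, fetch, token=""):
    """Walk every page of the 2fa_disabled member filter and collect logins."""
    url = f"{API}/orgs/{org}/members?filter=2fa_disabled&per_page=100"
    logins = []
    while url:
        body, link = fetch(url, token)
        logins.extend(member["login"] for member in body)
        url = _next_link(link)
    return logins


# Constructed offline responses emulating two result pages for example-org.
FAKE_PAGES = {
    f"{API}/orgs/example-org/members?filter=2fa_disabled&per_page=100": (
        [{"login": "carol"}, {"login": "dave"}],
        f'<{API}/orgs/example-org/members?filter=2fa_disabled&per_page=100&page=2>; rel="next", '
        f'<{API}/orgs/example-org/members?filter=2fa_disabled&per_page=100&page=2>; rel="last"',
    ),
    f"{API}/orgs/example-org/members?filter=2fa_disabled&per_page=100&page=2": (
        [{"login": "erin"}],
        None,
    ),
}


def fake_fetch(url, token):
    """Offline stand-in for http_fetch, serving the constructed pages."""
    return FAKE_PAGES[url]


if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")
    if token:
        print(members_without_2fa("example-org", http_fetch, token))
    else:
        print(members_without_2fa("example-org", fake_fetch))
```

The resulting login list is the evidence to keep alongside the org setting: an empty list after enforcement confirms that no member was grandfathered in, and a non-empty one names who still needs the user-level steps above.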


3. Bitbucket

  1. Log in to Bitbucket.

  2. Go to Personal settings > Security.

  3. Enable Two-step verification.

  4. Scan QR code using an authenticator app and verify with OTP.


4. Okta

  1. Navigate to Security > Multifactor > Factor Enrollment.

  2. Select factors (e.g., Okta Verify, TOTP, SMS) and set them as Required.

  3. Under Security > Authentication Policies, ensure policies require MFA at login.

  4. Save changes.


5. Office365 (Microsoft Entra ID)

  1. Sign in to https://entra.microsoft.com/ (Azure Active Directory portal).

  2. Go to Users > Per-user MFA.

  3. Select users and click Enable.

  4. Optionally, use Conditional Access to enforce MFA for groups or roles.


6. Google Workspace

  1. Go to Admin Console > Security > Authentication > 2-step verification.

  2. Set Allow users to turn on 2-step verification.

  3. Select Enforce for specific organisational units or groups.

  4. Save configuration.


Resolving Sprinto Monitors

  • Once MFA is configured, Sprinto will automatically re-check during the next sync.

  • For platforms without API-based verification (e.g., Bitbucket), upload evidence (screenshots, policy docs).

  • Use the Mark as resolved action after applying fixes manually.


Best Practices

  • Enforce MFA for all users, not just admins.

  • Periodically audit MFA enforcement at the organisation level.

  • Prefer app-based MFA (e.g., TOTP) over SMS-based methods.

  • Use Conditional Access or group policies to automate enforcement.
