Hanzo
PlatformHanzo KMSPlatform

Multi-factor Authentication

Learn how to secure your Hanzo KMS account with MFA.

MFA requires users to provide multiple forms of identification to access their account.

Email 2FA

If 2-factor authentication is enabled in the Personal settings page, email will be used for MFA by default.

Email-based MFA

Mobile Authenticator 2FA

You can use any mobile authenticator app (Authy, Google Authenticator, Duo, etc.) to secure your account. After registration with an authenticator, select Mobile Authenticator as your 2FA method. Authenticator-based MFA

Entra ID / Azure AD MFA

Before proceeding make sure you've enabled SAML SSO for Entra ID / Azure AD.

We also encourage you to have your team download and setup the Microsoft Authenticator App prior to enabling MFA.

Entra Hanzo KMS app

conditional access

create policy

require MFA and review policy

By default all users except the configuring admin will be setup to require MFA. Microsoft encourages keeping at least one admin excluded from MFA to prevent accidental lockout.

enable policy and confirm

mfa login

If users have not setup MFA for Entra / Azure they will be prompted to do so at this time.

How is this guide?

Last updated on

Point-in-Time Recovery

Learn how to rollback secrets and configurations to any snapshot with Hanzo KMS.

Groups

Manage groups containing users and machine identities in Hanzo KMS.

On this page

Email 2FA
Mobile Authenticator 2FA
Entra ID / Azure AD MFA