Configure which two-factor authentication (2FA) methods your team can use when logging in to your HubSpot account. Standardizing 2FA methods helps align login requirements with your organization's security policies. For example, you can require users to log in using an authenticator app (e.g., Google Authenticator) instead of SMS-based 2FA.
Learn more about improving your account security with login and password best practices.
Permissions required
Super Admin permissions are required to manage approved 2FA methods.
Before you get started
- The setting is turned off by default, allowing all HubSpot-offered 2FA methods.
- The HubSpot mobile app will always be turned on by default as a 2FA method and cannot be turned off.
-
This setting limits 2FA methods when logging in through a browser only. It does not limit 2FA methods when logging in through the HubSpot mobile app. For example, if your account has limited 2FA options, users logging in through the HubSpot mobile app can still use all HubSpot-offered 2FA methods.
This process will differ slightly if you're setting up login methods for the first time in your HubSpot account or if you have already set them up before.
If you're a Super Admin setting up portal login methods for the first time:
- In your HubSpot account, click the settings settings icon in the top navigation bar.
- In the left sidebar menu, navigate to Security.
- On the Login tab, click Setup Portal Login Settings.
- If you'd like to set up single sign-on, click Set up SSO and click Next. Learn more about setting up SSO.
- Select the login methods you'd like to allow for your users, the date it should be enforced from, and any users you'd like to exempt from the login method. Then, click Next.
- Select the 2FA methods you'd like to approve for your users:
- HubSpot mobile app: receive a notification from the HubSpot mobile app. This method is turned on by default and cannot be turned off.
- Authenticator App (recommended): enter a one-time code from an app like Google Authenticator, Authy, or Duo.
- SMS: enter a one-time code sent through a text message.
- Click Next.
- Continue setting up the login methods.
Turn on or update approved 2FA methods
If you've already set up login methods:
- In your HubSpot account, click the settings settings icon in the top navigation bar.
- In the left sidebar menu, navigate to Security.
- On the Login tab, in the Account 2FA preferences section, toggle the Approved 2FA methods switch on.
- Select the checkboxes for the 2FA methods you want to approve for your users:
- Authenticator app (recommended): enter a one-time code from an app like Google Authenticator, Authy, or Duo.
- Text message: enter a one-time code sent through text message
- HubSpot mobile app: receive a notification from the HubSpot mobile app. This method is turned on by default and cannot be turned off.
- Click Save.
Impact of changing approved 2FA methods
When you configure or change the allowed 2FA methods in your HubSpot account, the user experience will vary depending on whether they have already set up a 2FA method or not.
- For users with an existing 2FA method that is no longer approved: the user will be able to log in with that 2FA method the next time they log in. After logging in, the user will be prompted to set up one of the allowed methods for future logins.
- For users who do not have any 2FA method set up: after entering their username and password, the user will be prompted to enter a verification code sent to their email. Following this, they will be prompted to set up one of the approved 2FA methods.
Account Security
Marketing Hub
Starter, Professional, Enterprise
Sales Hub
Starter, Professional, Enterprise
Service Hub
Starter, Professional, Enterprise
Data Hub
Starter, Professional, Enterprise
Content Hub
Starter, Professional, Enterprise
Commerce Hub
Professional, Enterprise
