Multi-Factor Authentication (MFA)

  • Updated
  • Updated
Avatar
Written by Charissa F.
  • Updated
Requires one of the following licenses:

Multi-Factor Authentication (MFA) helps enhance account security by requiring a second form of verification— an email-based One-Time Passcode (OTP) or SMS OTP— in addition to a password. When enabled, users are prompted to supply the additional OTP. This feature provides an extra layer of protection for accounts with administrator roles, safeguarding sensitive data and organizational settings.

Note

The Samsara dashboard logs an event when MFA is enabled. You can track these changes in the Activity Log.

Refer to the following topics for more information on MFA:

MFA for Highly Privileged Roles

All users with highly-privileged access must sign in using Multi-Factor Authentication (MFA). This includes:

  • Users assigned pre-built system roles such as Full Admin, Standard Admin, Read-Only Admin, and Organizational Admin in organizations that do not use SSO.

  • Users in custom roles that provide elevated access permissions—such as those managing users, roles, billing, or security settings.

The following table outlines the custom permissions that constitute admin-level access in the Samsara platform. Users assigned any of the listed permissions will be required to use MFA.

Permission Category

Custom Permissions

User and Driver Management

  • Activate and deactivate drivers from the Drivers page in Settings

  • Edit all driver settings from the Drivers page in Settings and Driver View page

  • Create, edit, and delete all users

  • Create, edit, and delete users who do not have pre-built admin roles (Full Admin, Standard Admin, or Read-only Admin)

Authentication and Identity Settings

  • Create, edit, and delete single sign-on settings

  • Edit organization domains

Gateway and Device Management

  • Edit and remove vehicle, asset, industrial, and site gateways

  • Activate devices for the organization

  • Deactivate devices for the organization

Safety Workflows

  • Edit safety events (add labels, safety managers, assign drivers, comments)

  • Assign, update, and remove drivers and coaches for safety events

  • View dash cam videos and trip details via panic button event review page

  • Download video from safety inbox events

  • View video retrievals and the Video Library page

  • Edit general settings for the organization

API and Integrations

  • View and create API tokens and OAuth 2.0 apps

  • Create, edit, and delete webhooks

Billing and License Management

  • All account management permissions (view/edit)

  • Edit payment method

  • Create, edit, and delete itemized billing configuration

  • Create, edit, and delete roles with billing permission

  • Purchase licenses and hardware from the Webstore

  • Purchase only hardware from the Webstore

  • Submit warranty exchanges

  • Create and edit license assignments

Advanced Features

  • Sign in to the dashboard as another user in the organization

  • Sign out drivers from the Samsara Driver App through the dashboard

Fleet Security

  • Configure organization-wide immobilization settings

  • Remotely immobilize a vehicle (based on speed threshold)

Security Policies

  • Create security policies for the organization

  • Update security policies

  • Delete security policies

Disable MFA

As of October 7, 2025 MFA is required and once enabled, it cannot be disabled.

disable_toggle_MFA.png

Multi-factor authentication (MFA) is one of the most effective ways to prevent unauthorized access, especially in situations where a password might be lost, stolen, or shared. With a second layer of verification, MFA helps safeguard your data, reduce the risk of operational disruptions, and ensure compliance with industry standards.

These changes are part of Samsara’s broader commitment to delivering enterprise-grade security, aligning with industry best practices, and maintaining your trust as your operational technology partner.

Enable MFA

To enable MFA, you must have a Full Admin role or have a custom role with the Security Policies user permission Update Security Policies enabled.

  1. Sign in to the Samsara dashboard.

  2. Select the Settings icon (gear icon) at the bottom of your Fleet menu to view dashboard settings.

  3. In the Organization section, navigate to Multi-Factor Authentication.

  4. Review the MFA options:

    • Enable for All Highly Privileged Roles: Requires MFA for users assigned a custom role with elevated privileges.

    • Enable for All Roles: Expands MFA enforcement to all users.

  5. Save changes to activate MFA for the desired users in your organization.

    For any new accounts, MFA will also be enabled by default for these roles.

MFA Workflow for Users

After MFA is enabled for the organization, users can sign in to the Samsara dashboard as follows:

  1. Go to your Samsara dashboard sign in page and enter your user name and password.

    After successful credential entry and MFA setup, you’ll be prompted to enter a six-digit One-Time Passcode (OTP) sent to either your registered email address from , or through SMS. If you'd like to receive your OTP through SMS, see Add SMS OTP as an MFA Option for more information.

    The code is valid for 10 minutes.

    mfa-example-otp.png

  2. If you opted to receive OTP through SMS, check your text messages for the OTP. Otherwise, check your inbox for the OTP email. If you don’t receive it, check your spam folder.

    Tip

    When you locate the email, mark the email as not spam to ensure future OTPs are delivered to your inbox.

  3. Enter the OTP on the sign in screen. If the code expires, select Click here to resend to receive a new OTP.

Add SMS OTP as an MFA Option

You can use SMS OTP as an MFA option if you have a verified phone number and selected that delivery method.

If you'd like to use SMS OTP as an MFA option, perform the following workflow:

  1. Select the icon for your user menu and select Profile to access your user profile.

    user_profile.png

  2. Click Edit.

    edit_profile.png

  3. Confirm your phone number is correct.

    If you don't have a phone number in your profile, add one, and then Save.

  4. Click Verify Phone Number then enter the verification code sent to your phone number and Verify.

    verify_phone_number.png

  5. Save.

    You will have the option to receive the MFA code through SMS during your next sign-in attempt.

Feedback

Was this article helpful?
58 out of 84 found this helpful
Have more to say? We want to hear it!
Have more questions? Submit a request
Return to top

Comments

0 comments

Article is closed for comments.

Related articles

Articles in this section

©2024 Samsara Inc.

Chat with us