Multi-Factor Authentication (MFA)

  • Updated
  • Updated
Avatar
Written by Charissa F.
  • Updated
Requires one of the following licenses:

Multi-Factor Authentication (MFA) helps enhances account security by requiring a second form of verification—an email-based One-Time Passcode (OTP)—in addition to a password. When enabled, users are prompted to supply the additional OTP. This feature provides an extra layer of protection for accounts with administrator roles, safeguarding sensitive data and organizational settings.

For new organizations, MFA is enabled for all users by default, to enable secure access from the start.

Note

The Samsara dashboard logs an event when MFA is enabled or disabled. You can track these changes in the Activity Log.

Refer to the following topics for more information on MFA:

MFA for Highly Privileged Roles

The following table outlines the custom permissions that constitute admin-level access in the Samsara platform. Users assigned any of the listed permissions will be required to use MFA when Enable for All Highly Privileged Roles is turned on.

Permission Category

Custom Permissions

User and Driver Management

  • Activate and deactivate drivers from the Drivers page in Settings

  • Edit all driver settings from the Drivers page in Settings and Driver View page

  • Create, edit, and delete all users

  • Create, edit, and delete users who do not have pre-built admin roles (Full Admin, Standard Admin, or Read-only Admin)

Authentication and Identity Settings

  • Create, edit, and delete single sign-on settings

  • Edit organization domains

Gateway and Device Management

  • Edit and remove vehicle, asset, industrial, and site gateways

  • Activate devices for the organization

  • Deactivate devices for the organization

Safety Workflows

  • Edit safety events (add labels, safety managers, assign drivers, comments)

  • Assign, update, and remove drivers and coaches for safety events

  • View dash cam videos and trip details via panic button event review page

  • Download video from safety inbox events

  • View video retrievals and the Video Library page

  • Edit general settings for the organization

API and Integrations

  • View and create API tokens and OAuth 2.0 apps

  • Create, edit, and delete webhooks

Billing and License Management

  • All account management permissions (view/edit)

  • Edit payment method

  • Create, edit, and delete itemized billing configuration

  • Create, edit, and delete roles with billing permission

  • Purchase licenses and hardware from the Webstore

  • Purchase only hardware from the Webstore

  • Submit warranty exchanges

  • Create and edit license assignments

Advanced Features

  • Log in to the dashboard as another user in the organization

  • Sign out drivers from the Samsara Driver App through the dashboard

Fleet Security

  • Configure organization-wide immobilization settings

  • Remotely immobilize a vehicle (based on speed threshold)

Security Policies

  • Create security policies for the organization

  • Update security policies

  • Delete security policies

Disable MFA

To disable MFA, you must have a Full Admin role or have a custom role with the Security Policies user permission Update Security Policies enabled.

  1. Log in to the Samsara dashboard.

  2. Select the Settings icon ( gear icon ) at the bottom of your Fleet menu to view dashboard settings.

  3. In the Organization section, navigate to Multi-Factor Authentication.

  4. Toggle the desired Enable MFA options to the off position.

  5. Save changes to remove MFA for all applicable users in your organization.

Enable MFA

To enable MFA, you must have a Full Admin role or have a custom role with the Security Policies user permission Update Security Policies enabled.

  1. Log in to the Samsara dashboard.

  2. Select the Settings icon ( gear icon ) at the bottom of your Fleet menu to view dashboard settings.

  3. In the Organization section, navigate to Multi-Factor Authentication.

  4. Review the MFA options:

    • Enable for Default Admin Roles: Requires MFA for users with predefined roles such as Full Admin, Standard Admin, and Read-Only Admin.

    • Enable for All Highly Privileged Roles: Requires MFA for users assigned a custom role with elevated privileges.

    • Enable for All Roles: Expands MFA enforcement to all users.

  5. Save changes to activate MFA for the desired users in your organization.

    For any new accounts, MFA will also be enabled by default for these roles.

MFA Workflow for Users

After MFA is enabled for the organization, users can log in to the Samsara dashboard as follows:

  1. Go to your Samsara dashboard login page and enter your user name and password.

  2. After successful credential entry and MFA setup, you’ll be prompted to enter a six-digit One-Time Passcode (OTP) sent to your registered email address from . The code is valid for 10 minutes.

    mfa-example-otp.png

  3. Check your inbox for the OTP email. If you don’t receive it, check your spam folder.

    Tip

    When you locate the email, mark the email as not spam to ensure future OTPs are delivered to your inbox.

  4. Enter the OTP on the login screen. If the code expires, Click here to resend to receive a new OTP.

Feedback

Was this article helpful?
20 out of 29 found this helpful
Have more to say? We want to hear it!
Have more questions? Submit a request
Return to top

Comments

0 comments

Article is closed for comments.

Related articles

Articles in this section

©2024 Samsara Inc.

Chat with us