For an added layer of security, you can require your organization members to sign in to Sentry with two-factor authentication (2FA).
Sentry owner permissions are required to enforce two-factor authentication across your organization.
Before you can require organization members to use 2FA, you must enable two-factor authentication for your own user account.
We recommend notifying your organization members, and asking them to setup 2FA for their accounts before requiring two-factor authentication. You can see which members are enrolled on your organization's members page.
Setup Require 2FA
When you require two-factor authentication, members who are not enrolled in 2FA will be removed from your organization. They will lose access to your organization's projects and notifications, and will be sent an email to setup 2FA. They can reinstate their access and settings within three months of their removal from your organization.
Go to Organization Settings >> General Settings.
Under Security & Privacy, toggle the Require Two-Factor Authentication switch.
View Removed Members
To view members who were removed from your organization for 2FA non-compliance, you can look at your organization's audit log.
Go to Organization Settings >> Audit Log.
You can filter for action member.pending to see removed organization members, and action org.edit to see when the require_2fa organization setting was changed.
Require 2FA and SSO
Require 2FA is currently not available with single sign-on (SSO), so you would need to require two-factor authentication with your identity provider.
Steps to Rejoin an Organization
If you were removed from an organization due to 2FA non-compliance, follow these steps to rejoin the organization and reinstate your access and settings:
Look in your inbox for an email from Sentry titled Mandatory: Enable Two-Factor Authentication.
Click the Enable Two-Factor Authentication button.
If you can't find the email, ask an organization Owner or Manager to go to the Organization Settings >> Members page and resend your invite.
After clicking through the email, you will be prompted to Setup Two-Factor Authentication before rejoining the organization.
This will take you to your Account Settings >> Security page where you need to setup at least one form of two-factor authentication.
Once you've enrolled in 2FA, remember to save your recovery codes in a safe place and consider adding a backup phone number.
Then use the left sidebar to navigate to your organization.
Our documentation is open source and available on GitHub. Your contributions are welcome, whether fixing a typo (drat!) to suggesting an update ("yeah, this would be better").