Documentation

Enforcing Multi-Factor Authentication for All Users

Authentication
Updated Nov 26, 2025

Protecting Your Organization with Multi-Factor Authentication (MFA)

Requiring MFA for all users significantly strengthens the security of your organization. Passwords alone are no longer enough to protect against modern threats like phishing, credential stuffing, or stolen credentials. MFA ensures that even if a password is compromised, unauthorized access is prevented by requiring an additional verification factor only the legitimate user possesses. By enforcing MFA across the board, you reduce the risk of data breaches, protect sensitive information, and demonstrate a strong commitment to cybersecurity best practices. It’s a simple, effective step that protects both users and the organization.

How to enforce MFA for all users

  1. Log in to a changebreeze account that has Organizational admin priveldges.
  2. Navigate to Organization settings.
  3. Under the profile tab enable the checkbox "Enforce Multi-Factor Authentication.
  4. If your users are authenticated via SAML, MFA may already be enforced through your identity provider. In this case, there is an option to exclude SAML users from the MFA enforcement policy.

 

Previous

Account Permissions
Next

How to enable MFA for local accounts

Related Articles

Authentication

Account Permissions

ChangeBreeze's role-based permission system provides: Flexibility: Six distinct roles to match your organizational structure Security: Separation of duties and principle of least privilege ITIL Compliance: Roles aligned with ITIL change management best practices Scalability: Works for small teams and large MSPs alike Auditability: Complete logging of all permission-based actions
Authentication

How to enable MFA for local accounts

Steps to Enable Multi-Factor Authentication (MFA) for Enhanced Account Security
Authentication

How to setup SAML authentication with Microsoft Entra

This guide walks you through setting up SAML Single Sign-On (SSO) for ChangeBreeze with Entra ID, allowing users to log in automatically using their company credentials. By integrating with your existing identity provider (such as Entra ID), ChangeBreeze can provide a secure and seamless login experience without the need for separate passwords. Once complete, users can access ChangeBreeze instantly through their organization’s sign-in portal, improving both security and convenience.
Authentication

Managing Global User Permissions for Organizational Accounts

In a multitenant system with organizational user accounts, permissions are global and apply to all sub-companies within the organization. Any permissions set at the organizational level automatically cascade to the sub-companies. User accounts can have roles set during their creation, with the option to edit these roles later from the User Management page. Editing a user's role will update their role across all companies within the organization, override any custom role settings at the company level, and take effect immediately.
Authentication

Managing Global User Permissions for Sub Company / Tenant Accounts

In a multitenant system, sub-company accounts can have user accounts directly attached, typically for customer end users. Permissions can be tailored for these users, such as in the case of an IT team for a sub-customer.