MFA

Authentication verifies your identity when you sign in to Zilliz Cloud. To strengthen this process, Zilliz Cloud supports multi-factor authentication (MFA).

With MFA enabled, you must provide two factors at login:

• Your account password

• A TOTP (time-based one-time password) from an authenticator app (Eg. Google Authenticator, Microsoft Authenticator, etc.)

📘Notes

Zilliz Cloud has upgraded MFA for enhanced account security. Starting November 25, 2025, email-based MFA is deprecated. Users who previously used email-based MFA must switch to a TOTP authenticator app.

Considerations

• SSO compatibility: If your organization has enabled SSO, MFA is managed by your identity provider (IdP). In this case, configure MFA in your IdP account or contact your Organization Owner for assistance.

• Login method compatibility: The built-in Zilliz Cloud MFA feature is only available to users who register with an email address and a password.

  • If your account is linked to Google, MFA is controlled by Google. For more information, see Turn on 2-Step Verification.

  • If your account is linked to GitHub, MFA is controlled by GitHub. For more information, see Configuring two-factor authentication.

Enable MFA

The following demo shows how to enable MFA for your own account. The demo uses Microsoft Authenticator as an example, but you can use any TOTP-compatible authenticator app.

Disable MFA

📘Notes

If your organization has MFA enforcement enabled, you cannot disable MFA for your account.

The following demo shows how to disable MFA for your own account.

Enforce MFA for all organization users

📘Notes

You must be an Organization Owner to access this feature.

You must have a valid payment method, an Enterprise project and a Dedicated cluster to use this feature.

When organization-level MFA enforcement is enabled:

• All users in the organization are required to set up MFA to sign in.

• Users who have not yet enabled MFA are prompted to set it up the next time they log in.

• Users who do not complete MFA setup will not be able to access the organization.

The following demo shows how to enforce MFA for an organization.

Disable MFA enforcement for organization

📘Notes

You must be an Organization Owner to access this feature.

When organization-level MFA enforcement is disabled:

• Users are no longer required to set up MFA to access the organization.

• Users who have already enabled MFA keep their existing settings and may choose to turn MFA off for their own accounts.

The following demo shows how to disable MFA enforcement for an organization.

Troubleshooting

1. What can I do if I lose access to my authenticator app?

   If you cannot complete MFA or log in because you lost access to your authenticator app, contact your Organization Owner or contact Zilliz Cloud support for assistance.

2. My account uses SSO. How is MFA handled?

   If your organization has enabled SSO, MFA is managed by your identity provider (IdP), not by Zilliz Cloud. Configure MFA in your IdP account or contact your Organization Owner.

3. Why can't I disable MFA?

   If your organization has enabled MFA enforcement, you cannot turn off MFA for your own account.

4. I’m an Organization Owner and some users are locked out after MFA enforcement. What should I do?

   Ask those users to complete MFA setup when prompted at login. If they still cannot access the organization, contact Zilliz Cloud support for assistance.