Open your profile
Click your avatar in the dashboard → Profile.
Protect agent accounts with TOTP-based 2FA.
Add an extra layer of security to agent accounts with time-based one-time passwords (TOTP) compatible with Google Authenticator, Authy, and similar apps.
Click your avatar in the dashboard → Profile.
Click Enable two-factor authentication. Scan the QR code with your authenticator app.
Enter the 6-digit code from your app to confirm. Save your recovery codes in a secure place.
After entering email and password, agents with 2FA enabled are prompted for a TOTP code or a recovery code.
From Profile → Two-factor authentication, enter your current TOTP code to disable. Admins should require 2FA for all team members in security-sensitive deployments.
| Endpoint | Purpose |
|---|---|
GET /api/two-factor/status | Check if 2FA is enabled |
POST /api/two-factor/enable | Start setup (returns QR) |
POST /api/two-factor/confirm | Confirm with TOTP code |
POST /api/two-factor/disable | Disable 2FA |
POST /api/two-factor/challenge | Complete login challenge |