Multi-Factor Authentication

Overview

SingleStore provides a variety of authentication methods including username/password, JWT, SAML, and OIDC. SingleStore also supports multi-factor authentication (MFA) which enhances login security when connecting to SingleStore Helios. The MFA solution is available only to non-SSO users and SSO users who are exempt from the SSO requirement when logging in through the IDP.

While customers using single sign-on (SSO) with external authentication tools can enable MFA on their identity providers, SingleStore offers a default MFA solution, through a combination of either the FreeOTP or the Google Authenticator app and Keycloak, which is managed entirely by SingleStore.

MFA is enabled on a per-user basis. Users can simply install either the FreeOTP or the Google Authenticator app on their mobile device (iOS, Android, Windows, etc.) and configure it for use with the Cloud Portal.

Enable Multi-Factor Authentication

1. Sign in to the Cloud Portal and select <your_account> > User Settings > Manage Account.

2. Under Two-factor authentication, select Set up authenticator application.

3. If prompted, sign back into SingleStore Helios.

4. Follow the instructions on the MFA Setup page to configure your authenticator app.

After your authenticator app has been configured, your device will be listed in the Two-factor authentication section. To test this configuration:

1. Sign out of the Cloud Portal.

2. Sign back into the Cloud Portal.

   When signing back in, a Multi-factor Authentication page is displayed and you are prompted to enter a one-time code from your authenticator app.