How to Require Secure Sign In for Teams

After you create a team and invite team members, the team page in the Account section of the main menu lists the team’s current membership. In this table, team owners can see each team member’s Sign-in method (email, email + 2FA, Google, or GitHub).

Team membership roles and settings

For additional security, team owners can require team members to use a secure sign-in method.

When a team requires secure sign-in, only team members who log into DigitalOcean via Google or GitHub OAuth or a DigitalOcean account with two-factor authentication (2FA) can access the team.

Require Secure Sign-In

You can enable secure sign-in during team creation, and any team owner can require secure sign-in for existing teams on the team page or when inviting new team members.

Note
To require secure sign-in for an existing team, the team owner’s account must already use 2FA, Google OAuth, or GitHub OAuth.

To require secure sign-in, switch to the team in the control panel using the account drop-down in the top right. In the Account section of the main menu, click Team to go to the team page. In the Secure sign-in section, click Enable to open the secure sign-in settings.

The Secure sign-in section opened with the Require secure sign-in box checked

Check the box next to Require secure sign-in, then click Save to immediately require secure-sign in. This notifies all team members via email that secure sign-in is now required.

When a team member without an accepted sign-in method tries to access the team, they are prompted to update their sign-in method in order to regain access to the team:

The update sign-in method page

Team members without accepted sign-in methods who are already logged into the team are similarly prompted with a pop-up window:

The update sign-in method window for logged-in users

This prevents team members from accessing the team until they switch to Google or GitHub OAuth or enable 2FA on their DigitalOcean account.

Stop Requiring Secure Sign-In

Team owners can stop requiring secure sign-in for a team on the team page. This allows team members who log in using a DigitalOcean account without 2FA to access the team.

To stop requiring secure sign-in, switch to the team in the control panel using the account drop-down in the top right. In the Account section of the main menu, click Team to go to the team page.

When secure sign-in is required for the team, the Secure sign-in section shows Required:

The Secure sign-in section with secure sign-in enabled

Click Disable to open the secure sign-in settings, then uncheck the box next to Require secure sign-in and click Save.