Skip to main content

Search

Multi-Factor Authentication (MFA)

a31548 a722e2

Multi-Factor Authentication (MFA) helps enhances account security by requiring a second form of verification— an email-based One-Time Passcode (OTP) or SMS OTP— in addition to a password. When enabled, users are prompted to supply the additional OTP. This feature provides an extra layer of protection for accounts with administrator roles, safeguarding sensitive data and organizational settings.

Note

The Samsara dashboard logs an event when MFA is enabled or disabled. You can track these changes in the Activity Log.

Refer to the following topics for more information on MFA:

MFA for Highly Privileged Roles

The following table outlines the custom permissions that constitute admin-level access in the Samsara platform. Users assigned any of the listed permissions will be required to use MFA.

Permission Category

Custom Permissions

User and Driver Management

  • Activate and deactivate drivers from the Drivers page in Settings

  • Edit all driver settings from the Drivers page in Settings and Driver View page

  • Create, edit, and delete all users

  • Create, edit, and delete users who do not have pre-built admin roles (Full Admin, Standard Admin, or Read-only Admin)

Authentication and Identity Settings

  • Create, edit, and delete single sign-on settings

  • Edit organization domains

Gateway and Device Management

  • Edit and remove vehicle, asset, industrial, and site gateways

  • Activate devices for the organization

  • Deactivate devices for the organization

Safety Workflows

  • Edit safety events (add labels, safety managers, assign drivers, comments)

  • Assign, update, and remove drivers and coaches for safety events

  • View dash cam videos and trip details via panic button event review page

  • Download video from safety inbox events

  • View video retrievals and the Video Library page

  • Edit general settings for the organization

API and Integrations

  • View and create API tokens and OAuth 2.0 apps

  • Create, edit, and delete webhooks

Billing and License Management

  • All account management permissions (view/edit)

  • Edit payment method

  • Create, edit, and delete itemized billing configuration

  • Create, edit, and delete roles with billing permission

  • Purchase licenses and hardware from the Webstore

  • Purchase only hardware from the Webstore

  • Submit warranty exchanges

  • Create and edit license assignments

Advanced Features

  • Sign in to the dashboard as another user in the organization

  • Sign out drivers from the Samsara Driver App through the dashboard

Fleet Security

  • Configure organization-wide immobilization settings

  • Remotely immobilize a vehicle (based on speed threshold)

Security Policies

  • Create security policies for the organization

  • Update security policies

  • Delete security policies

Disable MFA

To disable MFA, you must have a Full Admin role or have a custom role with the Security Policies user permission Update Security Policies enabled.

  1. Sign in to the Samsara dashboard.

  2. Select the Settings icon ( gear icon ) at the bottom of your Fleet menu to view dashboard settings.

  3. In the Organization section, navigate to Multi-Factor Authentication.

  4. Toggle the desired Enable MFA options to the off position.

  5. Save changes to remove MFA for all applicable users in your organization.

Enable MFA

To enable MFA, you must have a Full Admin role or have a custom role with the Security Policies user permission Update Security Policies enabled.

  1. Sign in to the Samsara dashboard.

  2. Select the Settings icon ( gear icon ) at the bottom of your Fleet menu to view dashboard settings.

  3. In the Organization section, navigate to Multi-Factor Authentication.

  4. Review the MFA options:

    • Enable for Default Admin Roles: Requires MFA for users with predefined roles such as Full Admin, Standard Admin, and Read-Only Admin.

    • Enable for All Highly Privileged Roles: Requires MFA for users assigned a custom role with elevated privileges.

    • Enable for All Roles: Expands MFA enforcement to all users.

  5. Save changes to activate MFA for the desired users in your organization.

    For any new accounts, MFA will also be enabled by default for these roles.

MFA Workflow for Users

After MFA is enabled for the organization, users can sign in to the Samsara dashboard as follows:

  1. Go to your Samsara dashboard sign in page and enter your user name and password.

    After successful credential entry and MFA setup, you’ll be prompted to enter a six-digit One-Time Passcode (OTP) sent to either your registered email address from , or through SMS, if you have a verified phone number and selected that delivery method.

    Note

    If you'd like to use SMS OTP as an MFA option, you must add your phone number to your user profile to verify it.

    The code is valid for 10 minutes.

    mfa-example-otp.png

  2. If you opted to receive OTP through SMS, check your text messages for the OTP. Otherwise, check your inbox for the OTP email. If you don’t receive it, check your spam folder.

    Tip

    When you locate the email, mark the email as not spam to ensure future OTPs are delivered to your inbox.

  3. Enter the OTP on the sign in screen. If the code expires, select Click here to resend to receive a new OTP.

Comments

0 comments

Article is closed for comments.

Powered by Zendesk