Today, we’re introducing a new layer of security into the VIP Dashboard: Step-up authentication.
Step-up authentication is a security process requiring MFA verification when engaging in sensitive or high-risk actions.
This additional security measure acts as a barrier against bad actors, ensuring that even if an account is compromised, unauthorized actions are prevented. By doing so, it provides an additional layer of protection to safeguard your sites.
Why it matters
Step-up authentication dynamically increases verification requirements based on the risk level of user actions, ensuring that risky actions are validated before being executed.
This approach enhances security, reducing the risk associated with compromised sessions.
How it works
Step-up authentication will provide extra protection for actions like granting users permissions, changing the deployment branch, and many more.
When completing some of these high-risk tasks or accessing sensitive resources, users will be asked to reauthenticate using one of the Multi-Factor Authentication (MFA) methods set up via VIP Authentication.
Completing this process will allow users to perform other secure actions or access protected routes for one hour. Once the hour has passed, any attempt to access a protected route or perform a secure action will require reauthentication.
Users logging in via SSO won’t be affected for now.
Find out more about Step-up authentication in the VIP Dashboard in our documentation.