
# Security

The organization-level **Security** settings in Autify Genesis control the allowed login methods for the organization and enforce two-factor authentication across every member.

<figure><img src="/files/hp8pze7JFFbKecUaFAgb" alt="Screenshot of the Security page"><figcaption><p>Security page</p></figcaption></figure>

## Prerequisites

* To change security settings, you need the organization **Admin** or **Owner** role.

## Requiring two-factor authentication for the organization

Require every member of the organization to register an authenticator app to reduce the risk of account takeover.

1. Open **Settings** from the account menu in the lower-left corner, and click **Organization** > **Security** in the left sidebar.
2. On the **Two-factor authentication enforcement** card, turn on the **Require two-factor authentication** switch.
3. In the dialog that appears, enter the **Grace period (days)**, a value from 0 to 90. Setting it to 0 immediately blocks members who have not enrolled in two-factor authentication.

   <figure><img src="/files/oaqjij0OKwqk62BauEWv" alt="Screenshot of the two-factor authentication enforcement dialog"><figcaption><p>Two-factor authentication enforcement dialog</p></figcaption></figure>
4. Click **Enable enforcement**.

{% hint style="warning" %}
During the grace period, a banner prompts unenrolled members to enroll. After the grace period ends, members without two-factor authentication enrolled are blocked from the organization.
{% endhint %}

For the steps individual members take to enable two-factor authentication, see [Personal settings](/settings/personal-settings.md).

### Disabling two-factor authentication enforcement

1. Open the **Security** page.
2. Turn off the **Require two-factor authentication** switch.

## Restricting login methods for the organization

Restrict the authentication providers allowed for the organization. When every method is enabled, there is no restriction.

1. Open the **Security** page.
2. On the **Login method enforcement** card, turn on the switches for the methods you want to allow.

   | Method                   | Description                                                                                                                               |
   | ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- |
   | **Email & password**     | Sign in with credentials registered directly in Genesis.                                                                                  |
   | **Google**               | Sign in with a Google account.                                                                                                            |
   | **Single Sign-On (SSO)** | Sign in through a registered SSO provider (OIDC / SAML). Configure providers in [Single Sign-On](/settings/organization-settings/sso.md). |

   When only one method is enabled, it cannot be turned off.

{% hint style="warning" %}
When at least one method is disabled, a warning banner appears. Members who cannot sign in with any of the enabled methods will be blocked from the organization. Before restricting methods, confirm that members can reliably sign in with an allowed method.
{% endhint %}

## Further reading

* [Single Sign-On](/settings/organization-settings/sso.md)
* [Personal settings](/settings/personal-settings.md)


