Multi-factor authentication

  • 4min

Multi-Factor Authentication (MFA) is a security measure that requires users to provide additional forms of verification to access an application or data.

MFA in Dynatrace SaaS is designed to provide an additional layer of security when accessing specific environments.

  • Non-federated users are required to authenticate with MFA if MFA is enabled on their environment. They receive a one-time password via their registered email address. They need to enter this code to access the protected environment.
  • Federated users are not required to authenticate with MFA, even if MFA is enabled on their environment. Their identity verification is instead handled by their Identity Provider (IdP) during the login process.

MFA enforcement for an environment

Account administrators can choose to enforce MFA by configuring it as a prerequisite for accessing selected environments at the Dynatrace account level.

To enable MFA enforcement for a specific environment

  1. Go to https://myaccount.dynatrace.com/accounts and select the account that contains the environment you want to modify.

  2. Go to Settings > Environments and, in the Environments table, find the environment where you want to enforce MFA.

  3. In the Enforce MFA column, turn on the switch.

  4. Confirm your selection when prompted.

    Once enabled, MFA will be required for all non-federated users who attempt to access the environment.

If a user attempts to access an environment that requires MFA authentication, but their current session does not meet this requirement, they will see an additional prompt to provide a one-time password without the need to login again.

Frequently asked questions

Please wait 30 seconds, check your junk email folder, or try resending the one-time password.

Only the latest one-time password sent is valid. Please make sure you are using that code.

If users are unable to complete the MFA challenge, the account administrator can temporarily disable MFA enforcement for the affected environment.

This can be done via the Dynatrace Account Management portal, allowing users to regain access until the issue is resolved.

For instructions, see the MFA enforcement for an environment procedure above, but this time turn the switch off.

There are a few common reasons why you might not be prompted for MFA when accessing Dynatrace:

  • MFA enforcement is not enabled for the environment.

    If the environment you're accessing does not have MFA enforcement enabled, you won’t be challenged with MFA.

  • You are a federated user.

    If you log in via a federated identity provider (such as Azure AD or Okta), your authentication is managed externally. Dynatrace trusts the authentication level provided by your IdP.

  • Your session already meets the MFA requirement.

    • If you’ve already completed MFA during your current session, you won’t be prompted again unless you log out and back in or your session expires.
    • When the Remember Me option is enabled and MFA has been completed, users can stay signed in without repeated MFA prompts until the cookie expires or the user logs out.