Two-Factor Authentication Should Be Enforced For The Enterprise
policy name: enterprise_enforce_two_factor_authentication
severity: HIGH
Description
The two-factor authentication requirement should be enforced at the enterprise level. Regardless of whether users are managed externally by SSO, it is highly recommended to enable this option to reduce the risk of deliberate or accidental user creation without MFA.
Threat Example(s)
If an attacker gets valid credentials for one of the enterprise’s users they can authenticate to your GitHub enterprise.
Remediation
- Make sure you are an enterprise owner
- Go to the Settings page
- Go to the Authentication security tab
- Check the ‘Require two-factor authentication for all organizations in the enterprise’ checkbox