21 Comments
- Oleksandr_K (Sisense Employee) Status changed: Needs Votes & Comments to Planned
Hi,
I’m happy to share that Two-Factor Authentication (2FA) is currently in active development and is planned for release in early 2026. (We will, of course, do our best to deliver it sooner if possible!)
I would like to share the major implementation concepts:
- Who is this for?
2FA will apply to native Sisense users only - those created in Sisense Admin and who log in with a Sisense username and password.
Active Directory (AD) or Single Sign-On (SSO) users will be excluded. This is intentional, as their authentication (including any MFA) is configured and managed by their external identity provider.
- Where will it be available?
2FA will be available for both cloud and on-prem deployments, as long as an email server is configured for your instance.
- What is the second factor?
The second factor will be a secure, one-time code sent to the user’s email.
Support for other methods (such as authenticator apps or SMS) is not planned at the moment.
- How will I control the rollout?
This was a key part of your feedback. To ensure a smooth rollout and flexible control, we are implementing two levels of management:
  - System-Level Toggle: The master switch that enables or disables 2FA across your entire deployment.
  - User-Level Configuration: Determines whether 2FA is required for an individual user.
Admins will be able to manage individual user configurations through a “Require Two-Factor Authentication” control in the Users list (GUI) or via the API.
The default value will be ON, allowing easy and secure enablement for the majority of users while still providing flexibility for exceptions (e.g., system, integration, or QA accounts).
- joeshepper (Cloud Apps)
Hi Oleksandr,
Thanks for your update on this feature.
Firstly, I’m pleased to hear our feedback has been taken on board and this has been put into active development. I have two points to raise off the back of this:
Firstly, my opinion is using email as a second factor (and having this as the only option) is a half-baked approach to 2FA. There is a flaw with this approach, in that if a user’s email is compromised, the attacker can both reset the account password AND receive a 2FA token to the email. This ‘single weak point’ goes against the spirit of 2FA in my view. Granted, this is more secure than not having 2FA at all, but has this weakness been considered by the team? (https://www.identityserver.com/articles/the-dangers-of-considering-email-as-two-factor-authentication)
Secondly, I appreciate it’s early days but it would be good to understand more about the mechanics of the rollout – specifically with the ‘default on’ approach. I am in a bit of an unusual position in that we have several thousand users of our platform and the majority will not want to use 2FA. Will I be able to control the rollout of this so that users receive no communications / prompts to use 2FA unless I decide to turn it on? (I don’t want the update landing, users being asked to use 2FA, and then me later turning it off). In other words, will I be able to configure this before it ‘goes live’ and starts affecting users?
Thanks again for the update on this - Joseph
- zach_myt (Data Pipeline)
+1 for using 2FA
- smoensted (Data Storage)
Any updates on the roadmap status for this? Seems to be a long time ago, there was a commitment to implementing it...
- DRay (Sisense Employee)
Hi piyushrajput.
We appreciate your feedback, but please refrain from using insulting language.
- piyushrajput (Data Storage)
> 2FA is not currently on the product roadmap. The majority of our customers use a SSO provider to log in to Sisense, and currently our resources are focused on other projects that will impact greater portions of our users.
Well, that was just being lazy and passing on the responsibility to the end user for keeping the data secure. As a service provider, do you not feel even a little bit responsible for the platform's security? Am happy that this is getting another look.
In light of the recent breach, I would hope that platform security will be a priority and this feature gets the attention it deserves. Like most of the folks above, a setup that allows enabling MFA per user or a group of users or for one or more roles or for all the org would be ideal but will take what we can get quickly enough.
- soporteparaptx (Cloud Apps)
Hi,
You can see that CDT already had this feature in the tool's core.
https://dtdocs.sisense.com/article/two-factor
Best
- pb_si (Cloud Apps)
This is a security issue and has to be a high priority. Environments can be complex and SSO isn't always easy to set up for all users for a variety of reasons. Similar to others here, we have different groups of users that we need to tie into the system, which makes moving to SSO more challenging.
MFA is standard now for good reason. I'd support the approach above of flexibility (authenticator/SMS/none) on a per user basis.
- Suryakant (Cloud Apps)
Hi Team,
We would like the MFA (Multi-Factor Authentication) feature to be brought into the Sisense On-premise version as soon as possible.
Background:
- With the current data breach that happened at Sisense, it's high time that Sisense should think of customers' data security in every aspect.
- We understand that with SSO a security layer is present, but not all customers will use SSO for every scenario.
- Still, there will be situations where credential-based access will be used by some customers.
- For such situations, multi-factor authentication is really important.
Use Case:
- In our case we will use a combination of SSO and credential-based access, i.e. few customers will use SSO and few customers who don't have SSO will use credential-based access but will have MFA.
- If for any user we are selecting password-based access, then there should be one flag to enable MFA for that user (via SMS or via any authenticator application).
- Sample thought:
Waiting to hear from Sisense to see this feature in their next release.
- joeshepper (Cloud Apps)
Hi YuliyaMotiyets, following your comment, here would be my ideal use case:
At our business, we have 1000s of customer accounts using the Sisense platform. For the majority of these, we want users to have quick and easy access to Sisense. It's important for us to make viewing their data as simple as possible. Therefore, mandatory 2FA would actually be negative to our use case.
In our business, we would look for a solution that:
- Didn't force 2FA on new accounts.
- Would give the option to enable 2FA on specific accounts (perhaps via the Admin UI, or in bulk via REST API).
- Would likely use SMS rather than an Authenticator App (appreciate this is less secure, again, this is easier for users to set up - ideally the option for either would be great).
- Was independent of SSO - we don't use this.
In short, it makes the 2FA:
- Optional for accounts that don't need it.
- When it is needed, it would be easy for Sisense Admins to bulk enable / disable 2FA on individual accounts.
- As simple as possible for our customers to use - no need to download a separate authenticator App.
I appreciate our use-case might be a little different to others, so I think a flexible amount of security is potentially what's key for Sisense customers as a whole here.
- DRay (Sisense Employee) Status changed: Needs Info to Needs Votes & Comments