Multi-Factor Authentication
Note
If you are having trouble creating a new Megaport account, or logging in to an existing account, see Megaport Portal Authentication Frequently Asked Questions (FAQs).
This topic describes how to set up Multi-Factor Authentication (MFA) for users to log in to the Megaport Portal. It also describes how to reset MFA for your users, and how to review the MFA status of all users in your company.
Note
MFA is enabled by default for all new Megaport accounts created after March 16 2026.
About Multi-Factor Authentication
There are various security risks associated with identity facing businesses. Employees using weak passwords, or the same passwords for multiple accounts, can leave organizations vulnerable to breaches and cyber criminal activity. Multi-Factor Authentication (MFA) can help organizations deal with these issues. It makes life easier for employees, allowing them to more easily manage their different accounts securely. It also gives administrators greater visibility and control over identity management, and helps organizations achieve legal compliance with data regulations.
MFA is an authentication method and security system that ensures all of your business accounts require more than one verification factor before they can be accessed. For example, a username and password, and a code from an authentication app. MFA is a core component of a strong identity and access management (IAM) policy, and provides an extra level of security for your Megaport Portal account. We recommend that you use the Google Authenticator app when securing your accounts with MFA.
Each user should install a login verification app (such as Google Authenticator) on their digital device (phone, tablet, computer, and so on). When users log in, they check the login verification app for the token or code that they need to enter as the additional factor.
MFA is mandatory, so your users must enable MFA on their login, if not already set up. They will not be able to log in to the Megaport Portal until they do so. For more information about enabling MFA for your user account and logging in, see Managing Your User Profile and Logging in to the Megaport Portal.
Note
It is not recommended to access Megaport APIs using MFA with a username, password, and token. Although this is technically possible, we recommend to instead use API keys as the preferred authentication method when using Megaport APIs. If you currently have any user accounts being used for API, we recommend changing these to API keys before enforcing MFA. For more information, see Creating an API Key.
MFA benefits
The main benefit of MFA is that it enhances your organization’s security by requiring your users to identify themselves by more than a username and password. By themselves, usernames and passwords are vulnerable to cyber attacks and can be stolen by third parties. Enforcing the use of an additional verification factor such as a code from an authentication app increases the ability of your organization to remain safe from attacks from cyber criminals.
Full benefits of MFA include:
- Improved security
- Protection against unauthorized account access if credentials or devices are stolen
- Regulatory compliance
MFA and Single Sign-On (SSO)
MFA provides additional security to reduce the possibility of unauthorized access through stolen credentials, by requiring multiple authentication factors. SSO allows organizations to simplify and strengthen security because users can access all connected services with a single login.
MFA is mandatory unless your company is using SSO. If your company is using SSO, you will not be required to use MFA to log in to the Megaport Portal. For more information about SSO, see Setting up Single Sign-On.
Administering MFA for your Company account
To administer MFA for your company account, you must be a Company Admin. If you are not a Company Admin, contact your company’s administrator to request changes to the MFA settings for your company account.
MFA can introduce new administrative responsibilities to support users, so we highly recommend that you assign a minimum of two Company Admins to help users troubleshoot and resolve authentication issues quickly.
For more information about user roles, see Managing User Roles.
Note
Megaport Support cannot reset MFA tokens on the customer’s behalf. Company Admins will need to manage tokens.
These rules apply for the different types of Megaport Portal accounts.
| Account Type | Who Can Administer MFA? |
|---|---|
| Direct | A Company Admin can administer MFA. |
| Partner | A Company Admin can administer MFA for their own partner account. A Company Admin can administer MFA for any of their managed accounts. |
| Managed | A Company Admin can administer MFA for their own account. |
Resetting MFA for your users
The MFA setting of individual users can be reset. As a Company Admin, you might need to do this so that a user can enroll a new device. This disables the previous MFA code and the user will be asked to enable MFA again the next time that they log in to the Megaport Portal.
To reset MFA for a user
-
Visit the Megaport Portal and log in.
-
Choose User Menu > Admin Settings > Manage Users.
-
Find the user you want to update.
-
Click
(Edit) for the required user.
-
Click Reset in the Multi-Factor Authentication area.
A confirmation prompt is displayed. The user account for which you are resetting MFA must be a real user and not set up for any automated process, because the user will need to log in again and enable MFA for the account. -
Click OK.
-
Click Close to close the Edit User screen.
The next time that the user logs in to the Megaport Portal, they will need to enable MFA again. For more information, see Logging in after MFA has been reset for your profile.