Drata

This test is part of the <b>MFA on Accounts </b>control that ensures Multi-Factor Authentication (MFA) is being required for access to any sensitive systems or applications. Drata will verify that in order to log in to your version control tool a user needs to provide their ID, a password, and then either a One-Time Password (OTP) or certificate.

If Drata finds that there are users in your version control tool that do not have MFA enabled the test will fail. With a failed test you will receive a list of users that do not have MFA enabled on their account.

To ensure a validated state when testing for MFA on the Version Control System, please follow the links below. In certain cases, the individual failing users will need to modify their account MFA implementation. Once each user has taken steps to modify their MFA settings, the <a href="https://help.drata.com/en/articles/5330216-identity-sync-updates-in-drata">next nightly user sync</a> will pick up the changes and rerun the test to show the latest results.

In order for Test 87 - MFA on Version Control System to pass for the Azure DevOps Repos connection, both of the following must be true:

1. Microsoft 365 must be your connected IdP
2. You must be enforcing MFA on Microsoft 365 via Conditional Access Policies or Security Defaults

- In order for Test 87 - MFA on Version Control System to pass for the Azure DevOps Repos connection, both of the following must be true:
  1. Microsoft 365 must be your connected IdP
  2. You must be enforcing MFA on Microsoft 365 via Conditional Access Policies or Security Defaults

<a href="https://www.onelogin.com/learn/what-is-mfa" rel="nofollow noopener noreferrer" target="_blank">What is Multi-Factor Authentication (MFA)?</a>

<a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable.html" rel="nofollow noopener noreferrer" target="_blank">How to enable MFA for users in AWS</a>

<a href="https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates" rel="nofollow noopener noreferrer" target="_blank">How to enable MFA on your Azure/MSFT account</a>

<a href="https://support.atlassian.com/bitbucket-cloud/docs/enable-two-step-verification/" rel="nofollow noopener noreferrer" target="_blank">How to enable MFA on your Bitbucket account</a>

<a href="https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" rel="nofollow noopener noreferrer" target="_blank">How to enable MFA on your GitHub account</a>

<a href="https://docs.gitlab.com/ee/security/two_factor_authentication.html#enforce-2fa-for-all-users-in-a-group" rel="nofollow noopener noreferrer" target="_blank">How to enforce MFA for all GitLab group members</a>

- <a href="https://help.drata.com/en/articles/5362488-gitlab-mfa-configurations">See this Drata help article for GitLab group setting screenshots</a>

- <a href="https://www.onelogin.com/learn/what-is-mfa" rel="nofollow noopener noreferrer" target="_blank">What is Multi-Factor Authentication (MFA)?</a>
- <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable.html" rel="nofollow noopener noreferrer" target="_blank">How to enable MFA for users in AWS</a>
- <a href="https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates" rel="nofollow noopener noreferrer" target="_blank">How to enable MFA on your Azure/MSFT account</a>
- <a href="https://support.atlassian.com/bitbucket-cloud/docs/enable-two-step-verification/" rel="nofollow noopener noreferrer" target="_blank">How to enable MFA on your Bitbucket account</a>
- <a href="https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication" rel="nofollow noopener noreferrer" target="_blank">How to enable MFA on your GitHub account</a>
- <a href="https://docs.gitlab.com/ee/security/two_factor_authentication.html#enforce-2fa-for-all-users-in-a-group" rel="nofollow noopener noreferrer" target="_blank">How to enforce MFA for all GitLab group members</a>
  - <a href="https://help.drata.com/en/articles/5362488-gitlab-mfa-configurations">See this Drata help article for GitLab group setting screenshots</a>

Drata connects to your companies' Version Control System and pulls all user accounts to determine if each has MFA enabled.