Account security
It's a dangerous world out there! But you can make things much safer by enabling two-factor authentication in your RevenueCat account settings.
Once you do, you'll need a code generated on your mobile device any time you log in to your RevenueCat account.
Enabling Two-Factor Authentication
1. Set up
Navigate to your Account > Security settings in the RevenueCat dashboard and click Set up under Two-factor Authentication to begin the setup process.
2. Scan barcode
You'll be prompted to re-enter your password. Once re-authenticated, you'll be presented with a QR code that you should scan with an authenticator app such as Authy or Google Authenticator.
3. Enter two-factor code
Enter the two-factor code from the authenticator app then click Enable.
4. Save recovery codes
Save your recovery codes. You'll only be shown these codes once, and are required if you ever lose access to your authenticator app. Some authenticator apps, like Authy, also provide their own backups in case you lose your phone.
If you ever lose access to your two-factor code from your authenticator app (e.g. you got a new phone) the recovery codes are required to access RevenueCat.
For security reasons, RevenueCat Support may not be able to restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials or lose access to your account recovery codes.
Enforcing Two-Factor For Your Project
If you have invited collaborators to your app, you can check see if they've enabled two-factor authentication for their account on the Project > Collaborators page.
Project Owners and Administrators also have the ability to enforce two-factor authentication for any new collaborators. With this setting enabled, invited collaborators will not be able to join your project until they've set up two-factor authentication for their account.
Before you can enforce two-factor authentication for your project, all existing collaborators must already have two-factor authentication enabled. You can remove current collaborators and re-invite them if you need to enforce two-factor immediately.
Disabling Two-Factor Authentication
To disable two-factor authentication vavigate to your Account > Security settings in the RevenueCat dashboard and click Disable under Two-factor Authentication.
If you are a collaborator on a Project that requires two-factor authentication, you must leave that project before disabling.
Activating Single Sign-On
At this time, Single Sign-On is only available for customers on an Enterprise plan
To enable Single Sign-On for your organization navigate to your Account > Security > SSO and click Activate SSO.
When the SSO of your organizations is active users with the domain of your organization will be required to sign in using SSO.