Multi-factor authentication
dbt Cloud enforces multi-factor authentication (MFA) for all users with username and password credentials. Users who have not MFA enabled will see a notification asking them to configure one of the supported methods when they log in. If they do not, they will have to configure MFA on the next login or be unable to access dbt Cloud.
dbt Cloud provides multiple options for multi-factor authentication (MFA). MFA provides an additional layer of security to username and password logins for Developer and Team plan accounts. The available MFA methods are:
- SMS verification code (US-based phone numbers only)
- Authenticator app
- Webauthn-compliant security key
This is available across dbt Cloud plans for users with username and password logins only.
Configuration
You can only have one of the three MFA methods configured per user. These are enabled at the user level, not the account level.
- Navigate to the Account settings and under Your profile click on Password & Security. Click Enroll next to the preferred method.
Choose the next steps based on your preferred enrollment selection:
- You will be given a backup passcode, store it in a secure location. This key will be useful if the MFA method fails (like a lost or broken phone).
Account Recovery
When setting up MFA, ensure that you store your recovery codes in a secure location, in case your MFA method fails. If you are unable to access your account, reach out to support@getdbt.com for further support. You may need to create a new account if your account cannot be recovered.
If possible, it's recommended to configure multiple MFA methods so that if one fails, there is a backup option.
Disclaimer
The terms below apply to dbt Cloud’s MFA via SMS program, that dbt Labs (“dbt Labs”, “we”, or “us”) uses to facilitate auto sending of authorization codes to users via SMS for dbt Cloud log-in requests.
Any clients of dbt Labs that use dbt Cloud Labs 2FA via SMS program (after password is input) are subject to the dbt Labs privacy policy, the client warranty in TOU Section 5.1 second paragraph that Client's use will comply with the Documentation (or similar language in the negotiated service agreement between the parties) and these terms:
(1) The message frequency is a maximum of 1 message per user login;
(2) Message and data rates may apply;
(3) Carriers are not liable for delayed or undelivered messages;
(4) For help, please reply HELP to the SMS number from which you receive the log-in authorization code(s);
(5) To opt-out of future SMS messages, please reply STOP to the SMS number from which you receive the log-in authorization code(s). We encourage you to enable an alternate 2FA method before opting-out of SMS messages or you might not be able to log into your account.
Further questions can be submitted to support@getdbt.com.