Multi-factor Authentication
for Rubrik

A simple, effective way to increase protection against unauthorized account access.

Ransomware attacks are not only on the rise, but also targeting your backups. Multi-Factor Authentication (MFA) secures the credentials protecting this critical last line of defense. Rubrik strongly encourages customers to implement MFA on all Rubrik access methods. 

A Time-based One-Time Password (TOTP) enables two-factor verification for local and LDAP users to enhance existing MFA capabilities and safeguard user accounts accessing the Rubrik web UI and CLI.

How MFA Works

MFA is an effective security control for protecting both on-premises and public cloud data. This method protects against stolen credentials by requiring additional authentication steps (or factors) before granting access. Common factors are username and password, numeric codes from an authentication app, or physical security keys.


If one of the factors (commonly, the password) has been compromised by a hacker or unauthorized user, the chances of another factor also being compromised are low. Thus, MFA provides confidence in the user’s identity.

Rubrik Native MFA

Rubrik supports multiple methods of MFA. For local and LDAP accounts. A native TOTP authentication works with common authentication applications - such as Microsoft Authenticator or Google Authenticator.

MFA for Single Sign-On (SSO)

For SSO integration, Rubrik integrates with SAML 2.0 Identity Providers (IdP), enabling users to access multiple applications with a single set of credentials. SAML providers can support multiple types of MFA schemes. Typical providers include Okta, Duo, and Ping Identity.

Enabling MFA

How to Enable MFA for the Rubrik SaaS-based Platform

How to Enable MFA for Rubrik CDM