2-factor authentication (2FA) adds one more layer to your login process, but it’s worth it. It helps protect your account even if someone steals your password. When trying to log in, after you type in your password, you’ll also need to enter a code from your phone or app: even if someone knows your password, they still can’t get in, making it way harder to hack.

This article will help you set up 2FA using Postman. If you rather do it via Multilogin X CLI tool, follow our CLI article How to enable 2FA in CLI.

How to set up Google Authenticator

1. Download Google Authenticator in your app store (iOS, Android)
2. Open the app → log in to your Google account
3. Hit the plus (+) icon at the lower right area
4. Choose “Scan a QR code” → scan your 2FA QR code
5. When done, confirm and save your codes

How to use 2FA endpoints with Postman

How to set up 2FA for a user

1. Go to the Documenter page and locate or import the 2FA endpoints
2. Use the “Set up 2FA” endpoint to get your device_id and otp_url_bytes objects
3. Copy the otp_url_bytes → paste it in Bytes-to-QR converter
4. Click “Decode” → copy the URL that will be generated
5. Go to QR Code Generator and paste it → a QR code will be shown
6. Scan the QR code → you will see the entry in your Google Authenticator app

How to enable 2FA for a user

1. Go to “Enable 2FA” endpoint → head over to “Body”
2. Use your previously obtained device_id
3. Type the code from Google Authenticator in totp_code → press “Send”
4. Your backup codes will be generated → store them in a safe place

Open image-20250602-085633.png

How to set up 2FA for a new device

1. Get the new device_id via “Set up 2FA” endpoint
2. Go to “Set up new device for 2FA” endpoint
3. Fill in the new device_id
4. Insert the code from Google Authenticator in totp_code → press “Send”
5. A success message will appear in the output

Open image-20250602-092610.png

How to enable/disable 2FA from workspace

1. Go to “Enable/Disable 2FA for workspace” endpoint
2. On the “Body” tab → select true or false to activate/deactivate it
3. Press “Send” → a confirmation message will appear

Open image-20250602-092830.png

How to remove 2FA from a device

1. Go to “Revoke device for 2FA” endpoint
2. Go to “Body”
3. Fill in the device_id you wish to remove → press “Send”
4. A success/failure message appears as output

Open image-20250602-090525.png