Overview
To align with global security standards, 8x8 is implementing important updates to our login requirements.
This article answers common questions regarding the rollout of mandatory Multi-Factor Authentication (MFA) for all users of the 8x8 Authentication authentication method.
 |
IMPORTANT: The following are not affected by this change:
Also, see our Resources section below for a quick useful list of public KB articles about MFA. |
The following topics are covered here:
- General Questions and Answers
- Questions about Timeline and Action Required
- Questions about Managing MFA
- Questions about Support
- Resources
Applies To
- 8x8 Admin Console
- Multi-Factor Authentication (MFA)
General Questions and Answers
What changes are being made regarding 8x8 login security?
To keep accounts secure, 8x8 is making Multi-Factor Authentication (MFA) the standard for all accounts. While MFA was previously enabled for system administrators, this requirement is being expanded to include all users who log in using 8x8 credentials.
Why is 8x8 making this change?
We are committed to keeping your accounts secure. This update is part of our ongoing efforts to align with the latest global security standards and protect your organization from compromised accounts.
When were notifications sent to customers about this?
If you need the notification & reminder email dates for the MFA transition, or if you need a reminder of your scheduled MFA transition date, please Contact 8x8 Technical Support and ask them to provide this information to you.
Note that 8x8 application users were sent an in-app notification about the MFA transition.
What’s the difference between the 8x8 Authentication and Single-Sign On (SSO) options?
8x8 provides the ability to enable and use either of two different means of login authentication for 8x8 applications:
- 8x8 Authentication: This method is provided directly by 8x8, and does not use – or require the use or configuration of – a third-party identity provider.
- In this case 8x8 users would simply enter a login ID and password and also pass the MFA authentication to log into 8x8 apps, as needed.
- Single-Sign On (SSO): This method allows customers to use a third-party identity provider to govern 8x8 application login authentication, such as Microsoft Azure/Entra, Okta, Google, and other SAML SSO providers.
- In this case 8x8 Authentication (and its MFA) are not required, because the identity provider handles authentication.
Note that both of these methods can be enabled at the same time, if desired.
Who is affected by this change?
This change applies only to customers and users who use 8x8 Authentication (username and password) to access their services.
Who is NOT affected by this change?
- Users who log in to 8x8 applications using a third-party identity provider, such as Microsoft Azure AD/Entra or Okta, will not be affected by this change, as the provider manages their authentication.
- Desk phones and other physical phone devices: These devices do not require manual authentication, so they are not in any way affected by this change.
Does this apply to Administrators?
All administrators already have MFA enabled for their 8x8 logins, even if they currently use an external identity provider for authentication.
Questions about Timeline and Action Required
When will MFA become mandatory?
MFA will become mandatory for all accounts using 8x8 Authentication beginning in early 2026. The rollout began on February 12, 2026, with enforcement taking place in phases through March 31, 2026.
Will I receive advance notice before it becomes mandatory?
Yes. We are taking a phased approach to this rollout, and advance notifications have already been sent via email, well before MFA becomes mandatory for your specific account.
Can I enable MFA before the deadline?
Yes, and we strongly encourage it — you do not need to wait for the mandatory enforcement date.
Administrators can enable MFA for their organization immediately, using the existing controls in the 8x8 Admin Console > Identity and Security > 8x8 Authentication.
What will happen if I don't take action?
Once the mandatory change date is reached for your account, users who log in using 8x8 Authentication will be required to set up and use MFA verification methods to access their applications.
Questions about Managing MFA
How do I turn on MFA for my users?
Administrators can log in to the 8x8 Admin Console to enable these settings in Identity and Security > 8x8 Authentication > Multi-factor authenticator for all users.
Detailed step-by-step instructions for enabling MFA for your organization can be found in our Knowledge Base article:
Can I request an exemption for my account?
To ensure the security of the platform and compliance with industry standards, exemptions will not be offered.
Can I disable MFA after enabling it?
Administrators can enable and disable this setting until the deadline has been reached. However, once the mandatory enforcement phase begins for your account, the ability to disable MFA will be removed to ensure consistent security compliance.
Will admins still be able to set a timeframe for the service to prompt an MFA check for users?
Yes, while MFA will be required for logins using 8x8 SSO, administrators can still configure the MFA timeframe setting: Check multi-factor on user device every to either 1-90 days, or Always.
Questions about Support
I am having trouble logging in. What should I do?
If you are unable to log in or need assistance setting up your verification methods, please contact your organization's system administrator for help.
How do I get support for my organization?
If you require further assistance with the rollout, please Contact 8x8 Technical Support directly.
Resources
- Using Multi-factor Authentication (MFA) in 8x8 X Series
- Enabling and Configuring Multi-Factor Authentication (MFA) in 8x8 X Series
- Resetting Multi-Factor Authentication (MFA) in 8x8 X Series
- Changing Multi-Factor Authentication (MFA) and Getting Backup Codes in 8x8 X Series