Organization administrators can now require two-factor authentication (2FA) for users who are manually exempted from SSO enforcement.

This provides additional protection for collaborators such as contractors, agencies, or temporary users who aren’t part of your identity provider.

When enforced, these users will be prompted to set up and use 2FA the next time they sign in. This update helps ensure that every account in your organization, including those outside your IdP, meets your security standards.

Learn more in our docs on managing SSO-exempt users and 2FA.