Last updated April 05, 2021
Heroku supports the use of third-party authenticator apps that generate temporary codes based on the OATH time-based one-time password (TOTP) algorithm (RFC 6238) as a MFA verification method.
Registering an Authenticator App
For registering a third-party authenticator app as a MFA verification method, start at Account Settings and select
Setup Multi-Factor Authentication (or
Manage Multi-Factor Authentication if you have already enabled other verification methods).
Add One Time Password Generator option on the next page. A page with a QR code will be displayed.
- Download and install the Authenticator App on your mobile device
- Launch the mobile app on your device, choose the option for adding a new account and scan the QR code displayed. If necessary, use the alternative option to enter a setup key if you have trouble scanning the QR code.
- Enter the QR code generated by the app and click ‘Connect` to complete setup.
MFA Verification with an Authenticator App
- After entering your email and password, you will be prompted to enter the code generated by your app.
- Open the app on your mobile device and enter the code displayed for Heroku login
TIP: Authenticator Apps do not require mobile connectivity for generating TOTP codes.