MFA enforcement for non-SSO logins

Change effective on 10 January 2023

Starting January 10, 2023, we are enforcing Multi-Factor Authentication (MFA) for all non-SSO Heroku users logging into the Heroku Dashboard and CLI. If your account is not configured for MFA or SSO, you will be prompted to set up MFA at your next login.

All new users are prompted to set up MFA when they create their Heroku account.

We strongly recommend that all users set up a secondary verification method under Account Settings in case you lose your primary verifier.

If you have SSO enabled for Heroku, you are required to enable MFA with your SSO provider. For more information on the MFA requirement, see our MFA FAQ.