MFA is a simple best practice that adds an extra layer of protection on top of your existing OpenSSH key. See Access an environment via OpenSSH
With MFA enabled, when a user connects to bastion-host, they will be validated by their key pair (the first factor - what they know) as well as for an authentication response from their MFA device (the second factor - what they have). Taken together, these multiple factors provide increased security for your environment.
When MFA is enabled by root360, MFA is enforced for all users incl. root360 customer service staff and project users. Exceptions are not supported. You need to cross-check with your CI/CD integration to ensure your processes are not disrupted.
Following steps are required to enable full MFA support environment access: