Hey, how can we help?

Doppler supports a variety of MFA/2FA options including Authy, OTP, and Security Keys (e.g., Yubikeys). Enabling MFA/2FA is done via your account settings page, which is available via the Account option in the Avatar menu in the top right corner of the Doppler dashboard.

On that page, there's a section titled Multi-Factor Authentication (MFA) that looks like this:

If this section is not showing up on your account settings page, this is because your workplace has SAML SSO enabled. When SAML SSO is enabled, we hide these settings and essentially offload the MFA to the SSO IdP (e.g., if MFA is desired, then it should be enforced in Okta, Google, or whatever IdP you use when SSO is enabled). 

If you're seeing reserved Class E IP addresses (i.e., addresses in the 240.0.0.0 to 255.255.255.255 range) show up in your Account settings page for your Sessions or in Access Logs, then you're running into something called a Pseudo IPv4 address. This is a feature provided by Cloudflare to provide IPv6 compatibility with IPv4-only applications.

If an IPv6 request to Doppler comes through, Cloudflare will associate an IPv4 address pulled from the reserved Class E IP space with it. That IPv4 address is then what's passed on to the underlying application behind Cloudflare (i.e., Doppler). As a result, this IPv4 address will show up in Access Logs and your account Sessions list as your IP address.

In the future, we plan to disable this feature and display the IPv6 address in situations like this, but for now the pseudo IPv4 address will continue displaying.

If you've enabled SAML SSO on your account and the configuration wasn't quite right such that you're locked out, there is actually an easy way to get back into your account! When you enable SAML SSO, we send out an email titled SAML has been enabled that looks like this:

As you can see, it includes a Disable SAML button. The link that button follows is valid for 24 hours from the time you enabled SAML SSO. So, just click that button and it should disable SAML SSO on your workplace so you can log in via the same method you were using prior to enabling it.