This improvement enforces multi-factor authentication (MFA) for administrator roles who haven't yet enabled MFA to prevent account takeovers and protect sensitive data.
What's changing with MFA Enforcement for Administrators?
Before, MFA was optional for administrators. That left accounts with elevated access exposed to greater risk if credentials were compromised. Now, if the MFA Enforcement Policy feature is set to Enforced for Admins, all administrators must have an MFA factor setup: SMS or TOTP. If the administrator does not have a MFA factor setup, they will be prompted to set up TOTP.
Before and After
Before (Current)
An administrator signs in with only a username and password.
MFA is optional and not required for high-access roles.
A security breach using stolen credentials could allow access to admin functions.
Impact: Administrator accounts are at higher risk of unauthorized access.
Try the current workflow in your account.
After
Administrator logs in. If MFA is already configured, the administrator is directed to the dashboard.
If MFA is not configured, the administrator follows the TOTP MFA enrollment process.
MFA setup is mandatory and enforced as part of the standard login workflow.
Impact: Administrator accounts are secured against credential-based takeovers.
Test the changes in the NEXT environment.
Who uses this feature
All business types
Default Administrators: Doesn't apply to custom roles named Administrators.
Region availability: All regions
How it works for your industry
A Branch Operations Manager with an Administrator role in ServiceTitan is required to authenticate using TOTP MFA before gaining access.
How to Prepare
Confirm which administrator accounts exist in your company account.
Identify any administrators not currently using SMS or TOTP MFA.
Train your operations to manage MFA onboarding steps.
Align internal security policies with the enforced MFA requirement.