Issue
Which Heroku users and login types are affected by the MFA requirement?
Resolution
All Heroku users must use MFA for every login through the Heroku web user interface (known as Heroku Dashboard).
This includes:
- logins that use an email and password
- logins that use single sign-on (SSO)
- logins originating from the Heroku CLI that open a web browser
MFA isn’t required for API integrations that use an API key or a Heroku Direct Authorization.
Viewing or generating an API key or Direct Authorization does require users to log in through the web interface using MFA.