Introduction
Problem
“Step-up” authentication prompt using your TFC or HCP credentials
Prerequisites
- SSO enabled for Terraform Cloud Organization
Cause
- Below are two scenarios:
- I. If your Terraform Cloud account is linked to HCP account , then the additional prompt in the screenshot below should appear during the general SSO sign-in workflow. After you enter your HCP credentials you should be logged into Terraform Cloud.
- II. For non-HCP linked accounts and after successfully logging into Terraform Cloud with SSO you will be prompted to enter your Terraform Cloud credentials if any of the following happens:
1) Try to access User Settings (such as to manage 2FA or generate/revoke User API tokens)
2) Your TFC account is part of other organizations with SSO configured with a different SAML IdP. You will need to authenticate to each configured IdP separately.
3) Your TFC account is part of other organizations where SSO is not configured
- I. If your Terraform Cloud account is linked to HCP account , then the additional prompt in the screenshot below should appear during the general SSO sign-in workflow. After you enter your HCP credentials you should be logged into Terraform Cloud.
Solutions:
These additional prompts are expected by design of the SSO workflow. Enter your credentials when requested.
Outcome
Successfully filling out the username and password will give you access to Terraform Cloud.
Additional Information
More details about SSO workflow can be found in the documentation