Not enabling 2FA puts us risk to fail security audits (all 3rd party access must have 2fa enabled) and prevents us from inviting guests, but enabling it for sso users makes them hate us.

Hello, commenting on this, definitely a need for the same reasons highlighted by Matthew Wasbrough. We enforce 2FA on our (internal) identity provider, so no need for 2FA for us, but for guests/supporters who use username/password, this is a must. Having the possibility to divide this the same way it happens for the SSO makes a lot of sense.

Commenting to try and boost visibility, also related to https://feedback.clickup.com/feature-requests/p/2fa-mandatory-for-guests-only-but-not-members

With SSO turned on for full members (for my company) Microsoft already has 2FA enforced so this isn't needed for full members. Guests cannot use the same Microsoft SSO as they are external to the company, but I would like to enforce 2FA for them.

Just to add to this, my understanding is that 2FA is "all or nothing".

I'd love the ability to granularly enforce 2FA for non-SSO users this should cover guest access too as there might be some users with the need to sharing sensitive data and this extra layer would be great to see.

Same problem here, the 2FA has a bit left to desire. I.e., it would be nice to enforce it only for password logins, and to also be able to trust a device so we don't have to use it every time on the same device.

I agree It would be great if you could add an option, forcing the 2fa only for users managed in ClickUp.

How can we solve a login issue with 2fa when the app is uninstalled or the device is lost?