I just wanted to check. I see the 2FA is listed on your website with an hour glass. What is the progress of 2FA?
Are there any other suggestions for security when self-hosting?
Thanks
Hi @dalekirkwood,
while I don’t have any particular timeline for you regarding 2fa, one alternative is to configure Baserow with a SSO provider that has 2fa, and disable standard Baserow login. This will force users to log in using your set method.
Thanks Petrs
That is a great idea, I was thinking something similar - I’m glad to hear that is a viable solution.
Hi Petrs, can you tell me what the status is? Companies who are small dont see a loginprocedure with an email and a password as safe anymore.
That means they don’t want to use Baserow.
Where can I add: SSO URL / Endpoint:, the Certificaat and Entity ID:
Thanks
Bob
We haven’t started on 2fa yet. To use any SSO provider you will need to be self-hosting on an enterprise license plan. In that case you can also contact our support to help you set it up.
Unfortunately…it’s is for a small company…
How we are doing with the 2fa for small business?
Hi @Mangaire1, there are no plans to address this in Q1 2025 although it is a on a tentative plan for this year.
I think it’s important as well to have 2fa.
Bump
Hey @360Creators, 2FA should be released in Q2 
4 Likes
Heyy @olgatrykush! That’s really great to read!! 
Thank you!!
1 Like
@olgatrykush I’m really looking forward to that. Would you also consider opening op part of the notifications to the Premium plan? In order to properly protect your data, you need to be able to monitor suspicious behaviour … right?
Hey @DickHoning, could you please elaborate on this? We currently have these types of notifications, and they are free. Only row comments is a paid feature available in the Premium plan.
Hi @olgatrykush I’m looking for log file viewer where I can see which user logged in when, what api call are made, etc.
Hey @DickHoning, we also have an Audit log, though it only shows specific events listed here: https://baserow.io/user-docs/admin-panel-audit-logs#events-in-the-activity-log. It does not show user login or API call details.
I’ll check with the team if there are any plans to add more events to the list. 
This is not an answer to your question, but it might help.
I use this monitoring script: Fail2Ban or similar for public App access? - which alerts me of failed logins (but gives no details of the username or IP)
To compliment that, I place BaseRow behind Nginx Reverse Proxy and using Fail2Ban. BaseRow responds with a 401 when a logon fails, so monitoring the NPM logs with Fail2Ban lets me see at least the IP addresses of failed logons and also ban them.
You could also monitor the NPM logs for successful logins if you want - and possibly also API calls.
However, none of this allows you to monitor which user logs in unfortunately, but hopefully it’s something.
Hi @DickHoning, we’ve also decided to add a new event to the Audit log that records when a user logs in.
Regarding API requests, we won’t add this event since it would quickly fill up the Audit log—capturing each call would generate lots of data.
Thank you @spook for sharing your approach — it’s very valuable.
Hi @olgatrykush , thanks for adding user log in events to the audit log. Is it possible to make this log available to Premium users?