SaFi Bank Space : Github access - 2FA

Enabling 2FA for user:

https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa

Enabling and enforcing 2FA for organization

https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled

View 2FA usage

You can see which organization owners, members, and outside collaborators have enabled two-factor authentication.

Note: You can require that all members, including owners, billing managers, and outside collaborators in your organization, have two-factor authentication enabled. For more information, see "Requiring two-factor authentication in your organization."

  1. In the top right corner of GitHub.com, click your profile photo, then click Your organizations.

  2. Click the name of your organization.

  3. Under your organization name, click People.

  4. To view organization members, including organization owners, who have enabled or disabled two-factor authentication, on the right, click 2FA, and select Enabled or Disabled.

  5. To view outside collaborators in your organization, under the "People" tab, click Outside collaborators.

  6. To view which outside collaborators have enabled or disabled two-factor authentication, on the right, click 2FA, and select Enabled or Disabled.


Prepare to require 2FA

We recommend that you notify organization members, outside collaborators, and billing managers at least one week before you require 2FA in your organization.

When you require use of two-factor authentication for your organization, members, outside collaborators, and billing managers (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories.
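An added example, not part of the original page or of GitHub's documentation: a Python script that lists the accounts that would be removed when 2FA is required, using the REST API's `filter=2fa_disabled` parameter on the organization members and outside collaborators endpoints. The `GH_ORG` and `GH_TOKEN` environment variable names are assumptions chosen for this example; the token must belong to an organization owner, and billing managers are not covered by these two endpoints.

```python
import json
import os
import urllib.request

API = "https://api.github.com"
PAGE_SIZE = 100  # maximum page size the REST API accepts


def fetch_page(path, page, token):
    """GET one page of users without 2FA from the GitHub REST API."""
    url = f"{API}{path}?filter=2fa_disabled&per_page={PAGE_SIZE}&page={page}"
    req = urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def list_all(path, token, fetch=fetch_page):
    """Request successive pages until a short (final) page comes back."""
    users, page = [], 1
    while True:
        batch = fetch(path, page, token)
        users.extend(batch)
        if len(batch) < PAGE_SIZE:
            return users
        page += 1


def removal_impact(org, token, fetch=fetch_page):
    """Return sorted (login, role) pairs for accounts that lack 2FA."""
    sources = (
        ("member", f"/orgs/{org}/members"),
        ("outside collaborator", f"/orgs/{org}/outside_collaborators"),
    )
    impact = []
    for role, path in sources:
        impact += [(u["login"], role) for u in list_all(path, token, fetch)]
    return sorted(impact)


if __name__ == "__main__":
    # GH_ORG and GH_TOKEN are names assumed for this example.
    for login, role in removal_impact(os.environ["GH_ORG"], os.environ["GH_TOKEN"]):
        print(f"{login}\t{role}")
```

Run it before sending the one-week notice, and again just before enabling the requirement, to confirm that bot accounts and contractors are no longer on the list.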

Before requiring 2FA in your organization, we recommend that you:

Require 2FA

Organization owners can require organization members, outside collaborators, and billing managers to enable two-factor authentication for their personal accounts, making it harder for malicious actors to access an organization's repositories and settings.

About two-factor authentication for organizations

Two-factor authentication (2FA) is an extra layer of security used when logging into websites or apps. You can require all members, outside collaborators, and billing managers in your organization to enable two-factor authentication on GitHub. For more information about two-factor authentication, see "Securing your account with two-factor authentication (2FA)."

You can also require two-factor authentication for organizations in an enterprise. For more information, see "Enforcing policies for security settings in your enterprise."

Warnings:

  • When you require use of two-factor authentication for your organization, members, outside collaborators, and billing managers (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their personal account within three months of their removal from your organization.

  • If an organization owner, member, billing manager, or outside collaborator disables 2FA for their personal account after you've enabled required two-factor authentication, they will automatically be removed from the organization.

  • If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.

Prerequisites

Before you can require organization members, outside collaborators, and billing managers to use two-factor authentication, you must enable two-factor authentication for your account on GitHub. For more information, see "Securing your account with two-factor authentication (2FA)."

Before you require use of two-factor authentication, we recommend notifying organization members, outside collaborators, and billing managers and asking them to set up 2FA for their accounts. You can see if members and outside collaborators already use 2FA. For more information, see "Viewing whether users in your organization have 2FA enabled."

Requiring two-factor authentication in your organization

  1. In the top right corner of GitHub.com, click your profile photo, then click Your organizations.

  2. Next to the organization, click Settings.

  3. In the "Security" section of the sidebar, click Authentication security.

  4. Under "Authentication", select Require two-factor authentication for everyone in your organization, then click Save.

  5. If prompted, read the information about members and outside collaborators who will be removed from the organization. Type your organization's name to confirm the change, then click Remove members & require two-factor authentication.

  6. If any members or outside collaborators are removed from the organization, we recommend sending them an invitation that can reinstate their former privileges and access to your organization. They must enable two-factor authentication before they can accept your invitation.

Viewing people who were removed from your organization

To view people who were automatically removed from your organization for non-compliance when you required two-factor authentication, you can search your organization's audit log for people removed from your organization. The audit log event will show if a person was removed for 2FA non-compliance.

  1. In the top right corner of GitHub.com, click your profile photo, then click Your organizations.

  2. Next to the organization, click Settings.

  3. In the "Archives" section of the sidebar, click Logs, then click Audit log.

  4. Enter your search query. To search for:

    • Organization members removed, use action:org.remove_member in your search query

    • Outside collaborators removed, use action:org.remove_outside_collaborator in your search query

    • Billing managers removed, use action:org.remove_billing_manager in your search query

    You can also view people who were removed from your organization by using a time frame in your search.

Helping removed members and outside collaborators rejoin your organization

If any members or outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization.