Multi-factor authentication (MFA) offers users a higher security for accessing their End-to-end platform account. When enabled the user needs to both provide their password and an additional 6-digit code provided by an authentication app. Admin users can enforce this for all users of an account. And if not enforced, single users can still enable it for their user profile.

Enforced MFA

Admin user enforcing MFA

Admin users enforce MFA in Settings > Account. They toggle it on/off and enter a date from when MFA shall be enforced for all the account users. Until that date has passed, setting up MFA will be optional for the account users.

When enabled an information email is sent out to all affected users. A pop up is displayed for the admin user enabling MFA so that they are aware the email will be sent and so they don’t toggle it on/off just for testing the feature.

User set up MFA when enforced by admin

When a user enter their e-mail address to log in to an account that has MFA enforced an information box is displayed next to the login input fields. It tells the user that MFA has been enforced and how many days there are left until user won’t be able to log in without setting up MFA first.

If the date for when MFA will be enforced has not passed, the user is given an option to skip setting up MFA and to log in with only the password.

Unless the user is in time constraints the recommendation is to set up MFA directly to avoid a stressful situation later. The steps needed to set it up is listed for the user in the UI:

1. Install authentication app

1. Link the app to the user profile by scaning the QR code

1. Enter the 6-digit code from the authentication app

1. Validate code

Optional MFA

User opt-in for MFA

A user can choose to enable MFA for their user profile without an admin enforcing it. This is done from the user profile view by clicking Setup MFA.

User set up MFA when opting-in

The steps needed to set it up is listed for the user in the UI:

1. Install authentication app

1. Link the app to the user profile by scaning the QR code

1. Enter the 6-digit code from the authentication app

1. Enter the user profile password

1. Validate code

The steps are the same as when MFA is enforced by an Admin except that the user also have to enter their password. This additional step is to protect unauthorized activation when f.ex. a user has left their computer unattended when already being logged in to the platform.

User log in when MFA is set up

Once MFA is properly set up for a user the user need to verify them self when logging in by first entering username and password and secondly by an additional code from their connected authentication app.

Step 1: Username and password

Step 2: Code from authentication app

Reset MFA

User reset MFA

If the user has access to their authentication app and can create a verification code they can reset MFA on their own from their user profile view by clicking Reset MFA.

The steps needed for a user to reset MFA on their own are:

1. Enter the 6-digit code from the authentication app

1. Enter the user profile password

1. Reset MFA

Resting MFA by yourself can be used f.ex. if the user has bought a new phone and wants to set up MFA using an authentication app in the new phone.

Admin reset MFA

If the user do not have access to their authentication app and hence can not create a verification code they need to ask an Admin for their account to reset MFA for them.

The Admin does this by clicking Reset MFA in the Actions list in Settings > Users.

The steps needed for a user to set up MFA again after that it has been reset by an Admin are the same as when initially setting up MFA.
Please see above for details.