Multi-factor authentication (MFA) adds a layer of protection to the sign-in process. When turned on, to access the platform a user must provide additional identity verification.
Only the Master Admin user role can enable MFA. MFA is enabled at the account level, meaning it is turned on for all users in the account, including for the Master Admin who enabled it.
MFA can be configured using the following factors: trusted IPs and TOTP.
Trusted IPs protect against unauthorized sign-ins by restricting user access to a defined set of IP addresses.
Time-based one-time password (TOTP) requires users to enter a code generated by an authenticator app to sign in.
For best security, we recommend enabling both trusted IPs and TOTP.
If both factors are enabled, we prioritize trusted IPs:
- Trusted IPs enabled: A user can sign in only from within a trusted IP address range.
- Enable TOTP is enabled: A user can sign in only by entering a code generated by an authenticator app.
- Trusted IPs and TOTP are enabled: A user can sign in without a code if they are within the IP range. A user must enter the TOTP code if they are outside the IP range.
To configure MFA:
1. In the bottom-left corner, click the Master Admin account > Account info.
2. Select the Security tab and then select MFA.
3. Enable trusted IPs and/or TOTP. (See below for details.)
4. Turn on the Enable MFA toggle.
5. Enter your password and select Confirm.
6. Select Save.
Note: To save certain settings, the Master Admin must also enter the TOTP code if TOTP has been enabled. If trusted IPs is also turned on but the Master Admin is signed in from a trusted IP, the admin will not be asked for a code.
Trusted IPs factor
1. Turn on the Enable trusted IPs toggle.
2. Enter the start and end IP addresses of the necessary ranges.
Note: If you want to allow logins from a single IP address, enter the same address in both fields.
3. Enter your password and select Confirm.
4. Select Save.
1. Turn on the Enable sign in with TOTP toggle.
2. Enter your password and select Confirm.
3. Select Save.
After you enable TOTP and enable MFA, on the next sign-in each user will be prompted to set up TOTP using an authenticator app.