In this article, you'll learn how to set up multi-factor authentication (MFA), which provides higher security for your user account.
Traditional authentication schemes require only a user name and password. With MFA, you are prompted for your user name and password plus an authentication code generated by an authenticator application. This is also sometimes known as two-factor authentication or 2FA. The code generated may be referred to as a one-time password (OTP).
- You'll need an authenticator application on your mobile phone. Most OTP-compliant (one-time password) applications can be used as the second factor for MFA sign-ins to IT Glue, including:
Google | Authy | Duo | AuthAnvil | 1Password | Lastpass | Salesforce | Microsoft | Sophos
Google | Authy | Duo | AuthAnvil | 1Password | Lastpass | Salesforce | Microsoft | Sophos | IBM
Microsoft | Duo | AuthAnvil
- If the authenticator app cannot locate a QR code scanner app on your mobile device, you might be prompted to download and install one. Go to the app store for your device, search for “QR code scanner,” choose one, and install it.
- Your phone’s time MUST be synced with internet time, or you may get a sign-in error.
- Click on your name in the top-right corner of any screen and then select Edit Profile from the drop-down menu.
- Under MFA Settings, click Enable MFA.
- Open the authenticator application you installed above and scan the QR code that is displayed in the Enable MFA dialog box.
Alternatively, you can use the manual configuration option by clicking on Show secret key for manual configuration and then entering the secret key in the authenticator application.
- In the Verify MFA Code box, enter the MFA code from the authenticator application to verify the pairing and then click Enable.
After you set up your MFA, you are returned to the Edit Profile screen where you can generate a recovery code. Store your recovery code in a safe place, such as an encrypted notes app.
You can regenerate this code at any time (the earlier generated code will be invalidated).
If there are any problems performing these instructions:
- Check that the phone’s time is synced with internet time.
- Try the manual configuration (secret key) option instead of the QR code.
- Reboot the phone.
Can I enroll more than one device at a time?
Yes, you can enroll more than one device at a time. If you enable one, finish the process, and then enable another, it disables the first one. But, if you enable them both by scanning the same QR code (as shown in the Enable MFA dialog box further above), then they should both work. Although not required, having more than one device enrolled can help you avoid difficulties authenticating if you lose or don’t have your only enrolled device with you.
How do I sign in with my recovery code?
If you don't have access to the mobile device associated with your MFA settings, simply enter your recovery code into the MFA Code field when you sign in. This code can only be used once.