In this article, you'll learn how to set up multi-factor authentication (MFA), which provides higher security for your user account.
Traditional authentication schemes require only a user name and password. With MFA, you are prompted for your user name and password plus an authentication code generated by an authenticator application. This is also sometimes known as two-factor authentication or 2FA. The code generated may be referred to as a one-time password (OTP).
- You must install an authenticator application on your mobile phone. Most OTP-compliant (one-time password) applications can be used as the second factor for MFA sign-ins to IT Glue. Click on a link for instructions.
Note: You will need a separate QR code scanner application installed on your mobile phone to use the QR code in the enabling MFA instructions below.
- Keep in mind that once you set up MFA, you will always use your mobile phone to generate the OTP.
- Make sure your mobile phone’s time is automatically set. The code displayed by the authenticator application changes frequently. If your phone's time is set manually and the authenticator application and IT Glue gets out of sync, this could result in a sign-in error.
- Click on your name in the top-right corner of any screen and then select Edit Profile from the drop-down menu.
- From the Edit Profile screen, under MFA Settings, click Enable MFA.
- Open the authenticator application you installed above and scan the QR code that is displayed in the Enable MFA dialog box.
- Alternatively, you can use the manual configuration option by clicking on Show secret key for manual configuration and then entering the secret key in the authenticator application.
After you set up your MFA, you are returned to the Edit Profile screen where you can generate a one-time MFA recovery token. Store your recovery code in a safe place. If you lose your phone, you can use this token to sign in to your account and reset your MFA settings.
Dialog box with the QR code and manual configuration option
If there are any problems performing these instructions:
- Try a different QR code scanner.
- Reboot the phone.
- Disable and then re-enable MFA in your IT Glue profile.
- Try the manual configuration (secret key) option instead of the QR code.
Can I enroll more than one device at a time?
Yes, you can enroll more than one device at a time. If you enable one, finish the process, and then enable another, it disables the first one. But, if you enable them both by scanning the same QR code (as shown in the Enable MFA dialog box above), then they should both work. Although not required, having more than one device enrolled can help you avoid difficulties authenticating if you lose or don’t have your only enrolled device with you.
How do I generate a new MFA recovery token?
If you already have MFA activated, you don't have to change your existing setup to generate a new recovery token.
Just navigate to the Edit Profile screen and click Click here to generate a new one-time MFA recovery token.
IT Glue will then give you a MFA recovery token to store in a secure place. Note: You can regenerate a new code at any time (your previously generated code will be invalidated).
How do I sign in with my recovery token?
If you don't have access to the mobile device associated with your MFA settings, simply enter your recovery token into the MFA Code field when you sign in. The recovery token can only be used once.