Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) strengthens login security by requiring two steps: the user first enters their password, then provides a one-time code. In Auth.it, this code can either be generated by a TOTP authenticator app or sent by email.
By default, MFA is disabled. To enable it:
- In the Authentication view, locate the Multi-Factor Authentication section.
- Click Enable Multi-Factor Authentication to open the settings window.
- Switch the first toggle from Disabled to Enabled.
Optionally, to require MFA for all users, switch the second toggle from Not required to Required.

By default, Auth.it prompts users to enter a one-time code generated by their authenticator app. The setup screen displays a QR code in a standard format recognized by most apps, including Microsoft Authenticator, Google Authenticator, Authy, 1Password, and FreeOTP.
If you prefer to deliver one-time codes by email, select Email in the Type dropdown.
Click Save changes when you’re done configuring MFA.
Once MFA is enabled and required, the next time a user logs in with their username and password, one of the following happens:
- With app-based MFA, the user is shown a Mobile Authenticator Setup screen to configure their TOTP app (such as Google Authenticator) using a QR code. After scanning the code, they enter a one-time code to complete setup. On subsequent logins, they’ll be prompted to enter a new one-time code from their authenticator app.

- With email-based MFA, no setup is required. On each login, the user receives an email with a one-time code that they must enter.
