
Setting Up Multi-Factor Authentication (MFA)

Overview

Multi-Factor Authentication adds an extra layer of security to your account by requiring a verification code from your phone in addition to your password.

Why Use MFA?

  • Enhanced Security: Protects against password theft
  • Compliance: Meets security requirements
  • Account Protection: Prevents unauthorized access
  • Required: Some organizations mandate MFA

Supported MFA Methods

  • TOTP (Time-based One-Time Password): Authenticator apps like Google Authenticator, Authy, Microsoft Authenticator
  • Backup Codes: Emergency access codes

Setting Up MFA

Step 1: Access MFA Settings

  1. Log in to the SSO Portal
  2. Click your name in the top-right corner
  3. Select Profile
  4. Navigate to the Security Settings section

Step 2: Enable MFA

  1. Under "Multi-Factor Authentication", click Setup MFA
  2. Choose your MFA provider (usually "Authenticator App")

Step 3: Scan QR Code

  1. Open your authenticator app on your phone:
    • Google Authenticator (iOS/Android)
    • Authy (iOS/Android)
    • Microsoft Authenticator (iOS/Android)
    • 1Password (iOS/Android)
  2. Choose "Add Account" or "Scan QR Code"
  3. Scan the QR code displayed on screen

Can't scan QR code? Click "Enter key manually" and type the secret key into your authenticator app.

Step 4: Verify Setup

  1. Enter the 6-digit code from your authenticator app
  2. Click Verify and Enable
  3. MFA is now active on your account

Step 5: Save Backup Codes

  1. After enabling MFA, backup codes are generated
  2. Click Download Backup Codes or Print Backup Codes
  3. Store these codes in a secure location

Important: Backup codes can only be used once. Keep them safe!

Using MFA to Log In

Standard Login Flow

  1. Enter tenant, email, and password
  2. Click Sign In
  3. MFA verification screen appears
  4. Open your authenticator app
  5. Enter the 6-digit code
  6. Click Verify
  7. You're logged in!

Using Backup Codes

If you don't have access to your authenticator:

  1. On the MFA verification screen, click Use backup code
  2. Enter one of your backup codes
  3. Click Verify
  4. Important: Each backup code works only once

Trust This Device (Optional)

Some organizations allow you to trust devices:

  1. Check "Trust this device for 30 days"
  2. You won't need MFA on this device for 30 days
  3. MFA is still required on new devices and browsers

Managing MFA

Regenerate Backup Codes

If you've used some backup codes:

  1. Go to Profile > Security Settings
  2. Under "Backup Codes", click Regenerate Backup Codes
  3. Old codes are invalidated
  4. Download new codes

Disable MFA

Warning: Only disable MFA if absolutely necessary

  1. Go to Profile > Security Settings
  2. Click Disable MFA
  3. Confirm by entering a verification code
  4. MFA is now disabled

Reset MFA (Lost Phone)

If you lost access to your authenticator:

Option 1: Use Backup Code

  • Use one of your backup codes to log in
  • Immediately disable and re-enable MFA

Option 2: Contact Administrator

  • Contact your tenant administrator
  • They can reset MFA on your account
  • You'll need to set it up again

Administrator: Managing User MFA

Require MFA for All Users

  1. Admin > Settings
  2. Enable Require MFA for all users
  3. Users will be prompted to set up MFA on next login

View MFA Status

  1. Admin > Access
  2. View "MFA Status" column
  3. See who has MFA enabled

Reset User's MFA

  1. Admin > Access
  2. Find the user
  3. Click Reset MFA
  4. User must set up MFA again on next login

Troubleshooting

Code Not Working

  • Check time sync: Authenticator apps require accurate device time
    • Go to phone Settings > Date & Time
    • Enable "Automatic date & time"
  • Wait for new code: Codes change every 30 seconds
  • Try backup code: Use backup code if authenticator fails
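
Why time sync matters, as an added example (not the portal's own code): a standard RFC 6238 TOTP calculation with the 30-second step and 6-digit codes described on this page, checked against a server clock. The sample secret, the server time and the one-step acceptance window are assumptions; the page does not state what tolerance the portal allows.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # code length, as stated on this page


def decode_secret(key: str) -> bytes:
    """Decode a manually entered base32 key (spaces and case are ignored)."""
    key = key.replace(" ", "").upper()
    key += "=" * (-len(key) % 8)          # restore stripped padding
    return base64.b32decode(key)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for the 30-second step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F            # RFC 4226 dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept a code from the current step or `window` steps either side.

    The window size is an assumption; the page does not state the portal's.
    """
    return any(
        hmac.compare_digest(totp(secret, server_time + i * STEP), code)
        for i in range(-window, window + 1)
    )


# Constructed sample: the RFC 6238 test secret, typed the way a user might
# enter it on the "Enter key manually" screen.
SECRET = decode_secret("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")
SERVER_NOW = 1111111109                    # constructed server clock

if __name__ == "__main__":
    for drift in (0, 25, 120):             # seconds the phone clock runs fast
        code = totp(SECRET, SERVER_NOW + drift)
        ok = verify(SECRET, code, SERVER_NOW)
        print(f"phone +{drift:>3}s -> {code} accepted={ok}")
```

A phone clock a few seconds off still lands inside the acceptance window, while one that is minutes off produces codes for a step the server never checks.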

Lost Authenticator App

  1. Use a backup code to log in
  2. Go to Profile and disable MFA
  3. Re-enable MFA with new authenticator
  4. Save new backup codes

Backup Codes Not Working

  • Ensure you're entering the code exactly (no spaces)
  • Remember: each code works only once
  • Contact your administrator if all codes have been used

MFA Required But Not Set Up

If your organization requires MFA:

  1. You'll be redirected to MFA setup on login
  2. Follow the setup steps above
  3. Setup cannot be skipped if it is required by policy

Best Practices

  • Enable MFA on all accounts
  • Store backup codes securely (password manager, safe)
  • Don't share verification codes
  • Use different authenticator app accounts for different services
  • Regenerate backup codes periodically
  • Enable MFA on your authenticator app account itself
  • Test backup codes before storing (testing a code uses it up, since each code works only once)

Security Tips

  • Never share your authenticator secret key
  • Don't screenshot QR codes; the QR code contains your secret key
  • Be cautious of phishing attempts asking for codes
  • Report suspicious login attempts
  • Keep your authenticator app updated
  • Use biometric lock on your phone

Support

Need help with MFA?

  • Contact your administrator for account resets
  • Check your organization's security policy
  • Review audit logs for failed MFA attempts