Skip to main content

Multi-factor authentication

/settings/mfa

Per-user TOTP enrolment for native (non-SSO) authentication. SSO users typically rely on their identity provider's MFA instead.

Enabling

Click Enable. The page shows:

  • A QR code to scan in any TOTP app (Google Authenticator, Authy, 1Password, etc.)
  • A backup secret string for manual entry

After scanning, enter the 6-digit code from the app to verify and complete enrolment. From then on, login requires the rolling 6-digit code in addition to your password.

Disabling

Click Disable. The page asks for:

  • Your password
  • A current 6-digit code from the app

Both are required to disable MFA — preventing an attacker who has only your password from removing this protection.

Lost device

If you lose access to your TOTP app:

  • Your tenant admin can reset MFA on your account from Settings → Users, removing the enrolment so you can re-enrol with a new device.
  • For SSO users, recovery goes through the IdP, not FrontLine.