
Multi-Factor Authentication (MFA) For Issuers

In this article we cover how MFA can be enabled at a department level for increased security, requiring all users in the department to configure an additional authentication method when logging in.

This feature is included in our Growth Plans and available as an add-on to Connect Plans by request. MFA is not available on Launch or Launch Plus plans.

What is Multi-Factor Authentication? 
How to Enable Multi-Factor Authentication
How to Disable Multi-Factor Authentication
How to Reset MFA if Authentication Device is Lost
FAQs


What is Multi-Factor Authentication? 

Multi-Factor Authentication (MFA) is an authentication method which requires users to provide additional information before logging into Accredible. Rather than only asking for a username and password, MFA requires additional verification factors and decreases the likelihood of a successful cyber attack.

How to Enable Multi-Factor Authentication

MFA can be enabled at a department level, requiring all users in the department to configure an additional authentication method when logging in. Users will be required to use MFA if it is enabled for any of the departments they are associated with.

1. As an admin user (on Growth plans or Connect plans with the add-on), navigate to Settings → Security → Enable MFA.


2. Confirm that you are enabling MFA and that MFA will now be required for all team members in the department.

3. Upon MFA being enabled, you will be prompted to set up MFA for your account.
4. Using an authentication app, scan the QR code and input the one-time code provided by the authentication app to configure MFA.
Note: Google Authenticator and Microsoft Authenticator are recommended, but other authentication apps can be used.

5. MFA is now successfully configured! You will be redirected to the Dashboard

How to Disable Multi-Factor Authentication

1. As an admin user (on Growth plans or Connect plans with the add-on), navigate to Settings → Security → Disable MFA.


2. After clicking ‘Disable Multi-Factor Authentication’, you will be prompted to confirm you wish to disable MFA. If you check the checkbox to confirm and click ‘Disable’, MFA will be disabled for the department.

How to Reset MFA if Authentication Device is Lost

1. If a user is unable to log in via MFA because they have lost their authentication device, they can click on ‘Lost access to your authentication device’ when prompted for the one-time code upon logging in.

2. The user is informed that an admin user in their department will need to approve resetting their MFA. The user clicks ‘Send Email to Admin’ to confirm requesting their MFA be reset.

3. The user is informed that an admin user in their department will need to approve resetting their MFA

4. All admin users in the department receive an email notifying them that the user needs their MFA reset. In addition to this email, all admin users in the department will see a banner message on the dashboard indicating that a team member needs their MFA reset.

If the user is only in one department, the ‘Open Dashboard’ button will direct the admin to the Team Members List. (Note: The ‘Open Dashboard’ link will direct the admin user to the Select Department page if the user is in more than one department.)


5. Once an admin user clicks on ‘Open Dashboard’ from the email or ‘Go to Team Member List’ from the dashboard banner, the admin user will see ‘Action Required’ next to the team member who needs MFA reset. The admin user clicks on ‘Reset’ next to the team member in the list

6. The admin user confirms they want to reset MFA for this team member and MFA will be reset

7. Once an admin user resets MFA, the team member will receive an email confirming their MFA has been reset and needs to be configured

FAQs

Does MFA apply to users with SSO login? 
No - MFA does not apply to users with SSO login.

How does this “device reset” work? Is it by supplying the user with a backup code at the time of setup?
We do not supply users with backup codes. An admin user must manually approve the MFA reset for team members within their department.

Which authentication apps can be used? 
We recommend using Google Authenticator or Microsoft Authenticator. However, any authentication app that can scan a QR code and provide a one-time code can be used (e.g. 1Password).