Set Up Mandatory Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) secures your Emplifi account by requesting a verification code in addition to providing a username and password to log in. Having MFA in place helps you minimize the risk of data breaches, malware, and other forms of cyberattacks.

This article describes the steps you need to perform in a third-party product. The process and changes in the user interface in third-party products are subject to change beyond our control, and Emplifi therefore accepts no liability associated with them.

How the mandatory multi-factor authentication works

When you choose to use the mandatory multi-factor authentication (MFA), it gets turned on at the level of the Emplifi account and is forced to all users in this account.

All users in the account are required to provide a verification code after they submit their email and password on the Emplifi login screen.

By default, the verification code is delivered to the email that they use to log in to the Emplifi account. An individual user can add an authenticator application to their MFA to obtain the code from the application instead of the email (see “Add an authenticator application to your multi-factor authentication” further in this article).

The users cannot disable MFA for themselves.

The mandatory MFA is turned on by Emplifi Support. To get it turned on for your Emplifi account, contact your Customer Success Manager.

Add an authenticator application to your multi-factor authentication

By default, the verification code is delivered to the email that you use to log in to the Emplifi account. You can add an authenticator application to your multi-factor authentication (MFA) and obtain the verification code from the application instead of your email.

To be able to do that, you will need to install and set up an authenticator application on your mobile device.

You can switch back to obtaining the code via your email whenever needed (see “Remove the authenticator application from your multi-factor authentication” further in this article).

In this article, Google Authenticator is used as an example of the authenticator application that you can use. However, you can choose a different authenticator application (for example, Duo Mobile or Authy). Your choice of the authenticator application may depend on the operating system of your mobile device, security policies of your company, and so on. If your company already uses some multi-factor authenticator applications like Okta Verify or Microsoft Authenticator, you can use these applications for setting up MFA with Emplifi.
Use either your own mobile device or a mobile device that only you have access to.

Steps:

Install Google Authenticator on your mobile device.
Log in to your Emplifi account, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and toggle the switch next to the Authenticate with authenticator app option to ON.
A pop-up dialog with the QR code and the activation code opens.
Open Google Authenticator on your mobile device, and tap the plus button at the bottom right.
Choose one of the following options:
- Scan a QR code
  Scan the QR code displayed on the Emplifi pop-up dialog.
  The Emplifi account is added to Google Authenticator. The verification code is generated.
- Enter a setup key
  Enter Emplifi as the account name, enter the activation code from the Emplifi pop-up dialog, and tap Add.
  The Emplifi account is added to Google Authenticator. The verification code is generated.
Go back to the Emplifi account, and click Next Step on the pop-up dialog.
You are asked to enter the code from Google Authenticator.
Enter the code generated by Google Authenticator, and click Enable.
Recovery codes for your Emplifi user are generated and displayed. The recovery codes can be used to log in to your Emplifi account when you cannot access the authenticator application and your email.
A notification about the recovery codes having been generated is sent to your email. The notification does not contain the recovery codes themselves.
Save the codes in a secure location.
If you do not do it now, you can do it at any time later (see “Download the recovery codes” further in this article).
Click Done.
The pop-up dialog closes.
The switch next to the Authenticate with authenticator app option is set to ON.
You can now use Google Authenticator to get the verification code.

From now on, each time you log in to the Emplifi account, you will be asked to provide the code from your authenticator application. The verification code will not longer be sent to your email.

Do not delete the authenticator application from your mobile device, and do not delete the Emplifi account from the authenticator application. Without the code from your authenticator application, you may not be able to log in to the Emplifi account.

If you need to delete the authenticator application from your mobile device, first remove the authenticator application from your MFA (see “Remove the authenticator application from your multi-factor authentication” further in this article).

Remove the authenticator application from your multi-factor authentication

Removing the authenticator application switches you to the default method of delivering verification codes: the email that you use to log in to the Emplifi account.

The recovery codes that were generated when you were adding the authenticator application to your multi-factor authentication (MFA) remain valid after you remove authenticator application - until you generate a new set of recovery codes.

Steps:

Log in to your Emplifi account, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and toggle the switch next to the Authenticate with authenticator app option to OFF.
You are asked to confirm whether you want to remove the authenticator application.
Confirm the removal.
The switch next to the Authenticate with authenticator app option is set to OFF.

From now on, each time you log in to the Emplifi account, you will be asked to provide the code from your email. The verification codes from Google Authenticator are no longer valid and will not be accepted by the Emplifi platform.

If you want, you can now delete the Emplifi account from your authenticator application.

Transfer your multi-factor authentication to a different mobile device

This section is applicable only if you use an authenticator application to get the verification code.

When you get a new mobile device, transfer your multi-factor authentication (MFA) from your current device to the new one.

To be able to transfer your MFA, you will need to install and set up an authenticator application on your new mobile device.

In this article, Google Authenticator is used as an example of the authenticator application that you can use. However, you can choose a different authenticator application (for example, Duo Mobile or Authy). Your choice of the authenticator application may depend on the operating system of your mobile device, security policies of your company, and so on. If your company already uses some multi-factor authenticator applications like Okta Verify or Microsoft Authenticator, you can use these applications for setting up MFA with Emplifi.
Use either your own mobile device or a mobile device that only you have access to.

Steps:

Install Google Authenticator on your new mobile device.
Log in to your Emplifi account using the verification code from Google Authenticator on your current mobile device, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and click Add new app.
A pop-up dialog with the QR code and the activation code opens.
Open Google Authenticator on your new mobile device, and tap the plus button at the bottom right.
Choose one of the following options:
- Scan a QR code
  Scan the QR code displayed on the Emplifi pop-up dialog.
  The Emplifi account is added to Google Authenticator. The verification code is generated.
- Enter a setup key
  Enter Emplifi as the account name, enter the activation code from the Emplifi pop-up dialog, and tap Add.
  The Emplifi account is added to Google Authenticator. The verification code is generated.
Go back to the Emplifi account, and click Next Step on the pop-up dialog.
You are asked to enter the code from Google Authenticator.
Enter the code generated by Google Authenticator on your new mobile device, and click Enable.
Recovery codes for your Emplifi user are generated and displayed. The previous recovery codes that were generated for the authenticator application on your current device are no longer valid.
A notification about the recovery codes having been generated is sent to your email. The notification does not contain the recovery codes themselves.
Save the codes in a secure location.
If you do not do it now, you can do it at any time later (see “Download the recovery codes” further in this article).
Click Done.
The pop-up dialog closes. MFA is now transferred to your new mobile device.
MFA on your current mobile device is no longer valid, and its codes will not be accepted by the Emplifi platform.

If you want, you can now delete the Emplifi account from your authenticator application on the current mobile device.

Do not delete the authenticator application from your new mobile device, and do not delete the Emplifi account from the authenticator application on the new mobile device. Without the code from your authenticator application on the new mobile device, you may not be able to log in to the Emplifi account.

If you need to delete the authenticator application from your new mobile device, first remove the authenticator application from your MFA (see “Remove the authenticator application from your multi-factor authentication” earlier in this article).

Generate recovery codes

Recovery codes can be used to log in to your Emplifi account when you cannot access the authentication application or your email.

Usually, recovery codes are automatically generated for your Emplifi user when you are adding an authentication application to your multi-factor authentication (MFA). However, you can generate the recovery codes without adding an authenticator application to your MFA.

Steps:

Log in to your Emplifi account, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and click Generate Codes.
Recovery codes for your Emplifi user are generated and displayed.
A notification about the recovery codes having been generated is sent to your email. The notification does not contain the recovery codes themselves.
Save the codes in a secure location.
Close the pop-up dialog.

Download the recovery codes

If you have added an authenticator application to your Emplifi user or generated recovery codes without adding an authentication application, the recovery codes are stored in your user account settings. They remain valid until you generate a new set of recovery codes even if you removed the authenticator application.

Steps:

Log in to your Emplifi account, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and click View Codes.
A pop-up dialog with the recovery codes opens.
Save the codes in a secure location.
Close the pop-up dialog.

Regenerate the recovery codes

You can regenerate the recovery codes at any time (for example, you have used all the recovery codes and need new ones). Generating new recovery codes makes all the previously generated recovery codes invalid.

Steps:

Log in to your Emplifi account, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and click View Codes.
A pop-up dialog with the recovery codes opens.
Click Generate new codes.
A new set of recovery codes is generated and displayed.
A notification about the recovery codes having been regenerated is sent to your email. The notification does not contain the recovery codes themselves.
Save the codes in a secure location.
Close the pop-up dialog.

FAQ

I do not receive emails with the verification code. I cannot log in to the Emplifi account. What should I do?
When entering your email address and password on the Emplifi login screen, make sure that you are entering the email that is tied to your user account, and check it for typos or other mistakes.
If the email is correct, contact Emplifi Support at support@emplifi.io. The Support team will confirm whether the email you are entering is the one that is used in your Emplifi user account. If the email matches, the Support team will investigate the issue and advise you on further actions depending on the investigation results.

The email was not sent.
The Support team will check why the Emplifi servers have not sent the email to your email address.
The email was sent but was not delivered (bounced back).
There may be a few reasons why an email bounces back. For example, your inbox may be full or your company may have a security policy in place that marks Emplifi emails as spam. In this case, the Support team will recommend that you contact your IT department.
The email was sent and delivered but you still cannot see it in your inbox.
The Support team will recommend that you contact your IT department.

While waiting for the investigation results, you can use one of the recovery codes to log in if you have previously generated them. The option for using a recovery code is available on the Emplifi login screen where you are asked to enter the verification code.

Do you offer any methods of obtaining the verification code other than using an email or an authenticator application (for example, by SMS)?
No, we do not offer any other methods.

Can I use any authenticator application other than Google Authenticator?
Yes, you can use a different application, for example, Duo Mobile or Authy. Your choice of the authenticator application may depend on the operating system of your mobile device, security policies of your company, and so on. If your company already uses some multi-factor authenticator applications like Okta Verify or Microsoft Authenticator, you can use these applications for setting up MFA with Emplifi.

I lost access to my authenticator application but I am still logged in to the Emplifi account. What should I do?
Choose one of the following options:

Transfer your MFA to a different authenticator application (to a different mobile device with an authenticator application installed). Doing so will revoke MFA in your previous authenticator application. See “Transfer your multi-factor authentication to a different mobile device” earlier in this article.
Remove the authenticator application from your MFA. Doing so will switch you to the default method of delivering verification codes: the email that you use to log in to the Emplifi account. See “Remove the authenticator application from your multi-factor authentication” earlier in this article.
You can later add the authenticator application back to your MFA if you want (see “Add an authenticator application to your multi-factor authentication“ earlier in this article).

I lost access to my authenticator application and cannot get the verification code. I cannot log in to the Emplifi account. What should I do?
Try the following options:

Use one of the recovery codes that were generated for your Emplifi user when you were adding the authenticator application to your MFA.
Request a verification code to be sent to the email that you use to log in to the account.

Both options are available on the Emplifi login screen where you are asked to enter the verification code.
If you do not have the recovery codes and cannot access your email, contact Emplifi Support at support@emplifi.io.

If you log in to the Emplifi account with either a recovery code or the verification code sent to your email and if you still cannot access your authenticator application, do one of the following:

Transfer your MFA to a different authenticator application (to a different mobile device with an authenticator application installed). Doing so will revoke MFA in your previous authenticator application. See “Transfer your multi-factor authentication to a different mobile device” earlier in this article.
Remove the authenticator application from your MFA. Doing so will switch you to the default method of delivering verification codes: the email that you use to log in to the Emplifi account. See “Remove the authenticator application from your multi-factor authentication” earlier in this article.
You can later add the authenticator application back to your MFA if you want (see “Add an authenticator application to your multi-factor authentication“ earlier in this article).

The verification code that I get from Google Authenticator is not accepted by the Emplifi platform. I cannot log in to the Emplifi account. What should I do?
Try synchronizing the internal time of your Google Authenticator with the time on the Google servers.
On your Android mobile device, open Google Authenticator, tap the hamburger button at the top left, and then tap Settings -> Time correction for codes -> Sync now. The application confirms the time is synced. Now, try logging in to the Emplifi account and enter the code from Google Authenticator.
The time synchronization option may not be available in Google Authenticator on Apple mobile devices.

I am trying to log in to the Emplifi account but I am asked to provide a verification code that was sent to my email. I have never been asked to enter an additional code before. What is going on?
If you are asked to provide a verification code when trying to log in to the Emplifi account, that means that mandatory MFA has been enabled in this Emplifi account. When mandatory MFA is enabled, you are automatically logged out and are required to confirm your identity with the code sent to the email that you use to log in to the account, or you will not be able to proceed.
After you enter the verification code and log in to the Emplifi account, you can add an authenticator application to obtain the code from the application instead of the email (see “Add an authenticator application to your multi-factor authentication” earlier in this article).

Can I disable MFA for my user account?
No, you cannot disable MFA for your user account. MFA is mandatory.

In my Emplifi account, the mandatory MFA was enabled before July 25, 2024 (see July 25, 2024). At that time, I could only use an authenticator application to get the verification code. Can I use my email instead of the authenticator application to obtain the code?
Yes, you can; see “Remove the authenticator application from your multi-factor authentication” earlier in this article.

My Emplifi account currently has the opt-in MFA (see Set Up Opt-in Multi-Factor Authentication (MFA)). If I decide to switch from the opt-in MFA to the mandatory MFA, how will this affect the users in my Emplifi account?
Once the mandatory MFA is turned on for your Emplifi account, all currently logged-in users will be automatically logged out. When trying to log back in to the Emplifi account, the users will be asked to provide a verification code after they submit their email and password on the Emplifi login screen.

The users who have already enabled the opt-in MFA for themselves and set up an authenticator application will be able to use their current MFA setup to log back in. They will not need to reset it or update it in any way.
These users can keep using the authenticator application. However, as a new option, they will be able to remove the authenticator application if they want to and obtain the verification code from their email (see “Remove the authenticator application from your multi-factor authentication” earlier in this article).
The users who have not enabled the opt-in MFA for themselves as well as any new users who may be invited to the Emplifi account in the future will be asked to provide a verification code sent to the email that they use to log in to the account.
After they enter the verification code and log in to the Emplifi account, they will be able to add an authenticator application and use it to obtain the verification code instead of the email if they want to (see “Add an authenticator application to your multi-factor authentication” earlier in this article).

What will happen if my company implements SSO?
Once SSO is set up, the users in the Emplifi account will no longer be asked to provide the verification code to log in to the account.