Set Up Opt-in Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) secures your Emplifi account by requesting a verification code in addition to providing a username and password to log in. Having MFA in place helps you minimize the risk of data breaches, malware, and other forms of cyberattacks.

This article describes the steps you need to perform in a third-party product. The process and changes in the user interface in third-party products are subject to change beyond our control, and Emplifi therefore accepts no liability associated with them.

How the opt-in multi-factor authentication works

When you choose to use the opt-in multi-factor authentication (MFA), it becomes readily available as an option for each user in an Emplifi account.

By default, the opt-in MFA is disabled for individual users, and each user can enable and disable it for themselves as they need. Having MFA enabled is not forced.

Enable the opt-in multi-factor authentication for your Emplifi user

To be able to enable the opt-in multi-factor authentication (MFA), you will need to install and set up an authenticator application on your mobile device.

In this article, Google Authenticator is used as an example of the authenticator application that you can use. However, you can choose a different authenticator application (for example, Duo Mobile or Authy). Your choice of the authenticator application may depend on the operating system of your mobile device, security policies of your company, and so on. If your company already uses some multi-factor authenticator applications like Okta Verify or Microsoft Authenticator, you can use these applications for setting up MFA with Emplifi.
Use either your own mobile device or a mobile device that only you have access to.

Steps:

Install Google Authenticator on your mobile device.
Log in to your Emplifi account, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and toggle the switch next to the Authenticate with authenticator app option to ON.
A pop-up dialog with the QR code and the activation code opens.
Open Google Authenticator on your mobile device, and tap the plus button at the bottom right.
Choose one of the following options:
- Scan a QR code
  Scan the QR code displayed on the Emplifi pop-up dialog.
  The Emplifi account is added to Google Authenticator. The verification code is generated.
- Enter a setup key
  Enter Emplifi as the account name, enter the activation code from the Emplifi pop-up dialog, and tap Add.
  The Emplifi account is added to Google Authenticator. The verification code is generated.
Go back to the Emplifi account, and click Next Step on the pop-up dialog.
You are asked to enter the code from Google Authenticator.
Enter the code generated by Google Authenticator, and click Enable.
Recovery codes for your Emplifi user are generated and displayed. The recovery codes can be used to log in to your Emplifi account when you cannot access the authenticator application.
A notification about the recovery codes having been generated is sent to your email. The notification does not contain the recovery codes themselves.
Save the codes in a secure location.
If you do not do it now, you can do it at any time later (see “Download the recovery codes” further in this article).
Click Done.
The pop-up dialog closes.
The switch next to the Authenticate with authenticator app option is set to ON.
MFA is now enabled for your Emplifi user.

From now on, each time you log in to the Emplifi account, you will be asked to provide the code from your authenticator application.

Do not delete the authenticator application from your mobile device, and do not delete the Emplifi account from the authenticator application. Without the code from your authenticator application, you may not be able to log in to the Emplifi account.

If you need to delete the authenticator application from your mobile device, first disable MFA in your Emplifi user (see “Disable the opt-in multi-factor authentication for your Emplifi user“ further in this article).

Disable the opt-in multi-factor authentication for your Emplifi user

You can disable the opt-in multi-factor authentication (MFA) for yourself as you need. However, we strongly recommend that you keep MFA enabled to protect your Emplifi user from data breaches, malware, and other forms of cyberattacks.

The recovery codes that were generated when you were enabling MFA remain valid after you remove authenticator application - until you generate a new set of recovery codes.

Steps:

Log in to your Emplifi account, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and toggle the switch next to the Authenticate with authenticator app option to OFF.
You are asked to confirm whether you want to disable MFA with the authenticator application.
Confirm the disabling of MFA.
The switch next to the Authenticate with authenticator app option is set to OFF.
MFA is disabled for your Emplifi user.

From now on, you will no longer be asked to provide the verification code when you are logging in to the Emplifi account.

If you want, you can now delete the Emplifi account from your authenticator application.

Transfer your multi-factor authentication to a different mobile device

When you get a new mobile device, transfer your multi-factor authentication (MFA) from your current device to the new one.

To be able to transfer your MFA, you will need to install and set up an authenticator application on your new mobile device.

In this article, Google Authenticator is used as an example of the authenticator application that you can use. However, you can choose a different authenticator application (for example, Duo Mobile or Authy). Your choice of the authenticator application may depend on the operating system of your mobile device, security policies of your company, and so on. If your company already uses some multi-factor authenticator applications like Okta Verify or Microsoft Authenticator, you can use these applications for setting up MFA with Emplifi.
Use either your own mobile device or a mobile device that only you have access to.

Steps:

Install Google Authenticator on your new mobile device.
Log in to your Emplifi account using the verification code from Google Authenticator on your current mobile device, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and click Add new app.
A pop-up dialog with the QR code and the activation code opens.
Open Google Authenticator on your new mobile device, and tap the plus button at the bottom right.
Choose one of the following options:
- Scan a QR code
  Scan the QR code displayed on the Emplifi pop-up dialog.
  The Emplifi account is added to Google Authenticator. The verification code is generated.
- Enter a setup key
  Enter Emplifi as the account name, enter the activation code from the Emplifi pop-up dialog, and tap Add.
  The Emplifi account is added to Google Authenticator. The verification code is generated.
Go back to the Emplifi account, and click Next Step on the pop-up dialog.
You are asked to enter the code from Google Authenticator.
Enter the code generated by Google Authenticator on your new mobile device, and click Enable.
Recovery codes for your Emplifi user are generated and displayed. The previous recovery codes that were generated for the authenticator application on your current device are no longer valid.
A notification about the recovery codes having been generated is sent to your email. The notification does not contain the recovery codes themselves.
Save the codes in a secure location.
If you do not do it now, you can do it at any time later (see “Download the recovery codes” further in this article).
Click Done.
The pop-up dialog closes. MFA is now transferred to your new mobile device.
MFA on your current mobile device is no longer valid, and its codes will not be accepted by the Emplifi platform.

If you want, you can now delete the Emplifi account from your authenticator application on the current mobile device.

Do not delete the authenticator application from your new mobile device, and do not delete the Emplifi account from the authenticator application on the new mobile device. Without the code from your authenticator application on the new mobile device, you may not be able to log in to the Emplifi account.

If you need to delete the authenticator application from your new mobile device, first disable MFA in your Emplifi user (see “Disable the opt-in multi-factor authentication for your Emplifi user“ earlier in this article).

Generate recovery codes

Recovery codes can be used to log in to your Emplifi account when you cannot access the authentication application.

Usually, recovery codes are automatically generated for your Emplifi user when you are enabling MFA for your multi-factor authentication (MFA). However, you can generate the recovery codes for yourself if you enabled MFA for your Emplifi user before the functionality of recovery codes was available on the Emplifi platform (see September 4, 2024).

Steps:

Log in to your Emplifi account, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and click Generate Codes.
Recovery codes for your Emplifi user are generated and displayed.
A notification about the recovery codes having been generated is sent to your email. The notification does not contain the recovery codes themselves.
Save the codes in a secure location.
Close the pop-up dialog.

Download the recovery codes

If you have enabled the opt-in multi-factor authentication (MFA) for your Emplifi user, the recovery codes are stored in your user account settings. They remain valid until you transfer your MFA to a different mobile device or until you generate a new set of recovery codes even if you disabled MFA.

Steps:

Log in to your Emplifi account, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and click View Codes.
A pop-up dialog with the recovery codes opens.
Save the codes in a secure location.
Close the pop-up dialog.

Regenerate the recovery codes

You can regenerate the recovery codes at any time (for example, you have used all the recovery codes and need new ones). Generating new recovery codes makes all the previously generated recovery codes invalid.

Steps:

Log in to your Emplifi account, and go to Settings -> Personal settings.
Your user account settings appear.
Click the Security tab, and click View Codes.
A pop-up dialog with the recovery codes opens.
Click Generate new codes.
A new set of recovery codes is generated and displayed.
A notification about the recovery codes having been regenerated is sent to your email. The notification does not contain the recovery codes themselves.
Save the codes in a secure location.
Close the pop-up dialog.

FAQ

Do you offer any methods of obtaining the verification code other than using an authenticator application?
Yes, you can switch your Emplifi account to the mandatory MFA where you can choose between an authenticator application and your email as an additional factor to confirm your identity (see Set Up Mandatory Multi-Factor Authentication (MFA)). For any question, contact your Customer Success Manager.

If I decide to switch from the opt-in MFA to the mandatory MFA, how will this affect the users in my Emplifi account?
Once the mandatory MFA is turned on for your Emplifi account, all currently logged-in users will be automatically logged out. When trying to log back in to the Emplifi account, the users will be asked to provide a verification code after they submit their email and password on the Emplifi login screen.

The users who have already enabled the opt-in MFA for themselves and set up an authenticator application will be able to use their current MFA setup to log back in. They will not need to reset it or update it in any way.
These users can keep using the authenticator application. However, as a new option, they will be able to remove the authenticator application if they want to and obtain the verification code from their email (see see “Remove the authenticator application from your multi-factor authentication” in Set Up Mandatory Multi-Factor Authentication (MFA)).
The users who have not enabled the opt-in MFA for themselves as well as any new users who may be invited to the Emplifi account in the future will be asked to provide a verification code sent to the email that they use to log in to the account.
After they enter the verification code and log in to the Emplifi account, they will be able to add an authenticator application and use it to obtain the verification code instead of the email if they want to (see “Add an authenticator application to your multi-factor authentication” in Set Up Mandatory Multi-Factor Authentication (MFA)).

Can I use any authenticator application other than Google Authenticator?
Yes, you can use a different application, for example, Duo Mobile or Authy. Your choice of the authenticator application may depend on the operating system of your mobile device, security policies of your company, and so on. If your company already uses some multi-factor authenticator applications like Okta Verify or Microsoft Authenticator, you can use these applications for setting up MFA with Emplifi.

I lost access to my authenticator application but I am still logged in to the Emplifi account. What should I do?
Transfer your MFA to a different authenticator application (to a different mobile device with an authenticator application installed). Doing so will revoke MFA in your previous authenticator application. See “Transfer your multi-factor authentication to a different mobile device” earlier in this article.

I lost access to my authenticator application and cannot get the verification code. I cannot log in to the Emplifi account. What should I do?
Try the following options:

Use one of the recovery codes that were generated for your Emplifi user when you were enabling MFA for your Emplifi user.
Request a verification code to be sent to the email that you use to log in to the account.

Both options are available on the Emplifi login screen where you are asked to enter the verification code.
If you do not have the recovery codes and cannot access your email, contact Emplifi Support at support@emplifi.io.

If you log in to the Emplifi account with either a recovery code or the verification code sent to your email and if you still cannot access your authenticator application, transfer your MFA to a different authenticator application (to a different mobile device with an authenticator application installed). Doing so will revoke MFA in your previous authenticator application. See “Transfer your multi-factor authentication to a different mobile device” earlier in this article.

The verification code that I get from Google Authenticator is not accepted by the Emplifi platform. I cannot log in to the Emplifi account. What should I do?
Try synchronizing the internal time of your Google Authenticator with the time on the Google servers.
On your Android mobile device, open Google Authenticator, tap the hamburger button at the top left, and then tap Settings -> Time correction for codes -> Sync now. The application confirms the time is synced. Now, try logging in to the Emplifi account and enter the code from Google Authenticator.
The time synchronization option may not be available in Google Authenticator on Apple mobile devices.

I do not have a mobile device, or I cannot install an authenticator application on my mobile device. What should I do?
You can use a desktop application or a browser plugin (add-on, extension) that can generate one-time codes for sites with MFA. Your choice of the application/plugin may depend on the operating system of your device, security policies of your company, and so on.

If your company already uses some multi-factor authenticator desktop applications/browser plugins, you can use these applications/browser plugins for setting up MFA with Emplifi. Contact the IT department of your company to get recommendations.

What will happen if my company implements SSO?
Once SSO is set up, the users in the Emplifi account will no longer be asked to provide the verification code to log in to the account.