Skip to main content

Overview

Multi-Factor Authentication (MFA) adds an extra layer of security to your account by requiring a second form of verification in addition to your password. This tutorial will guide you through setting up two-step verification using an authenticator app.

Step 1: Sign In to Your Account

Sign in to your account using username and password like normal. Make sure you’re signed in with the account you want to secure with MFA.

Step 2: Navigate to Manage Account Page

  1. Click on your profile icon in the bottom left corner
  2. Select Manage Account from the menu
  3. You’ll be redirected to your account management dashboard
Account Management Navigation

Step 3: Setup Two-Step Verification

Access Security Settings

  1. In the account management page, click on the Security section
  2. Click Add two-step verification
  3. Follow the prompts to add authenticator app MFA
Security Settings Page

Save Recovery Codes

  1. Download Recovery Codes: After successful setup, you’ll be presented with backup recovery codes
  2. Store Safely: Save these codes in a secure location (password manager, secure note, etc.)
  3. Important: These codes can be used to access your account if you lose access to your authenticator app
Recovery codes are crucial for account recovery. Each code can only be used once, so store them securely and don’t share them with anyone.

Managing Your MFA Settings

  1. Go to Security Settings
  2. Find the Two-Step Verification section
  3. Click Remove
  4. Confirm your decision (you may need to enter a current MFA code)
Disabling MFA reduces your account security. Only disable if absolutely necessary, and consider re-enabling it as soon as possible.

Organization MFA Enforcement (Admins)

Organization admins can require all members to enable MFA. When enforcement is turned on, members without MFA will be blocked from using the app until they complete setup.

Viewing Member MFA Status

  1. Navigate to Organization Settings > Members
  2. The MFA column shows whether each member has MFA enabled or disabled

Enabling MFA Enforcement

You must have MFA enabled on your own account before you can require it for the organization. If you haven’t set it up yet, follow the steps above first.
  1. Navigate to Organization Settings > Security
  2. Toggle Require MFA on
  3. All members without MFA will immediately see a setup screen the next time they load the app

What Members See When MFA Is Required

Members who haven’t enabled MFA will see a full-screen setup flow that walks them through:
  1. Getting started — explains they need an authenticator app
  2. Scanning a QR code — or entering a secret key manually into their authenticator app
  3. Entering a verification code — the 6-digit code from their authenticator app
  4. Saving backup codes — one-time recovery codes in case they lose access to their authenticator
Once setup is complete, the blocking screen disappears and they can use the app normally.

Disabling MFA Enforcement

  1. Navigate to Organization Settings > Security
  2. Toggle Require MFA off
  3. Members will no longer be required to have MFA, though any existing MFA setup remains active on their accounts
Disabling enforcement does not remove MFA from member accounts — it only stops requiring it. Members who have already set up MFA will keep it active.

How MFA Works Once Setup

  1. Sign In: Enter your username and password as usual
  2. Second Factor: Provide a time-based code from your authenticator app
  3. Access Granted: Successfully access your account with verified identity