Multi-factor authentication (MFA) is a security measure that requires users to enter a dynamically generated eight-digit verification code in addition to their username and password when logging into the application.
With Email MFA, non-native users will be restricted from signing into the application. Even if someone manages to get your identity, they are still stopped from getting into your application account unless they identify themselves with the OTP.
From the Users Configuration settings, specify the Username (a valid email address), set the login method to Native, and finally select the Email OTP verification checkbox.
When MFA is activated for your business user, an email alert is sent to the user, prompting them to use the verification code to log into the application.
Step-by-step Instructions
Step 1: Log in as Site administrator
Step 2: Navigate to the User Settings page
Step 3: Click the Add New button from the All Users list view. The Create User page displays.
Step 4: In the Create User page, specify the Login method as Native
Step 5: Select the checkbox to enable "Email OTP verification"
Remember: If you change the login method to "SSO", Email MFA is no longer valid and the checkbox disappears from the screen.
Step 6: Save your settings
Result: An email alert is sent to the specified Username (email address).
The email is triggered only by the value in the Username field, not the Email ID field.
To authenticate, users must enter a One-Time Password (OTP) within the allotted time. Each OTP code remains valid for about five minutes. If a user takes too long to enter the OTP code, the login session expires, and the authentication attempt fails. In such cases, the user must request the administrator to resend the OTP and restart the login process. As an administrator, you can reset the OTP and provide the new code to the user to initiate the login process.
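The expiry and reset behaviour described above can be sketched as follows. This is an added, generic illustration and not Exto's own code: the class and method names are hypothetical, and storing only a salted hash of the code and capping wrong attempts are assumptions the page does not state.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 8          # from the page: eight-digit verification code
OTP_TTL_SECONDS = 300   # from the page: valid for about five minutes
MAX_ATTEMPTS = 5        # assumption: the page does not state an attempt limit


class EmailOtpStore:
    """Pending OTPs keyed by Username (the email address). Hypothetical sketch."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # username -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, username):
        """Create or reset the code; the caller emails the returned value."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[username] = [salt, self._digest(salt, code),
                                   self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, username, submitted):
        """Return 'ok', 'invalid', 'expired' or 'locked'."""
        entry = self._pending.get(username)
        if entry is None:
            return "invalid"
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[username]   # too slow: an administrator reset is needed
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[username]   # single use: a code cannot be replayed
            return "ok"
        entry[3] = attempts_left - 1
        if entry[3] <= 0:
            del self._pending[username]   # stop guessing against this code
            return "locked"
        return "invalid"
```

Calling `issue()` again for the same user corresponds to the administrator resetting the OTP: the old code stops working as soon as the new one is created.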
Q. What if Exto refuses to authenticate a user with the OTP code?
A. Each code is valid for about 30 seconds only. If the user doesn't enter the code quickly, a new code has to be generated. Users need to request the administrator to resend the OTP. If the problem continues, please contact Support.
Q. Which users will be allowed to log into Exto?
A. Only users who have enrolled for multi-factor authentication will be allowed to sign in to the system. The site administrator needs to enable MFA for these users.
Q. How do I get MFA enabled for my users?
A. As of now, MFA is enabled by sending a request.