Multi-Factor Authentication (MFA / 2FA)

    What you are going to learn:

  • How to enable MFA
  • How to disable MFA
  • How to verify if MFA is enable with users within an organization

Obkio supports Multi-Factor Authentication (MFA), also known as 2-Factor Authentication (2FA), to secure access to the Obkio App. When MFA is enabled, at login, the user will be asked to enter their password plus a one-time MFA code.

The App supports two types of MFA codes: Authenticator App or Backup Codes. The Authenticator App is the primary method to generate MFA codes. Both Google Authenticator and Microsoft Authenticator Apps on Android and iOS devices are supported.

Enable MFA
Enable MFA

To enable MFA, go to the user security options (Menu -> User -> Security) and click on the Enable Authenticator App button. Then scan the QR code in your preferred Authenticator App (Google Authenticator or Microsoft Authenticator) and confirm the MFA code.

Once enabled, a list of 8 backup code will appear on the screen. It's important to write down the backup codes and store them securely because they will be required if the mobile device is lost or broken. The backup codes will only appear at this time.

Disable Multi-Factor Authentication

Disable MFA
Disable MFA

To disable MFA, go to the user security options (Menu -> User -> Security) and click on the Disable Authenticator App button. A valid MFA code from the Authenticator App or Backup Code is required to disable MFA.

Disable Multi-Factor Authentication

Backup Codes
Backup Codes

A total of 8 backup codes are randomly generated during the MFA activation. The backup codes can be used in case the mobile device is lost or broken. A backup code can only be used once, so if they are used, it is highly recommended to disable MFA and re-enable it again to generate new backup codes.

When a backup code is used, an email is sent to the user to let them know. In case you receive such an email without using a backup code, you must reset your password, disable MFA (which will erase the backup codes) and re-enable the MFA (which will create new backup codes).

List MFA Enabled users
List MFA Enabled users

When listing the users inside an Organization (Menu -> Company Name), the tag MFA ENABLED is shown if the user has MFA Enabled.

At this time, it is not possible to force every user to have MFA Enabled in order to be able to access an Organization. However, we are working on that feature and it should be announced on our Forum within the next months.

List Multi-Factor Authentication Users