Managing MFA settings for Admin Roles
Secureframe strongly recommends Multi-Factor Authentication (MFA) for users with super admin, admin, and auditor roles when signing in via email/password or magic link. MFA adds an extra layer of protection by requiring identity verification through a secondary method.
Super Admins can also configure MFA for additional user roles as needed, outside of the default roles.
By default, MFA is enabled for Super Admin, Admin, and Auditor roles to protect sensitive access. Super Admins can adjust these settings, either enabling or disabling MFA for these roles or extend it to additional roles, via the Company Settings page.
To manage Multi-Factor Authentication (MFA) settings:
Click your profile icon in the top-right corner
Click Company Settings option
Navigate to the Authentication settings tab
Scroll to the Multi-factor authentication section to adjust settings as needed
Tab will be autosaved after each adjustment
Setting Up MFA
During account setup, whether creating a password or logging in for the first time with Magic Link, you will be prompted to enable MFA.
Important: Before setting up MFA, please ensure that your smartphone’s time and date are set to automatic, as MFA codes are time-based and rely on your device time being in sync. If your device’s time and date are not set to automatic, the MFA codes will not work.
To set up MFA:
Scan the provided QR code or manually enter the setup key into an authentication app (e.g., Google Authenticator or Authy).
Enter the one-time passcode (TOTP) generated by the app to complete the setup.
Save the displayed backup codes in case access to the authentication app is lost in the future.
Once MFA is enabled, you will need to enter a TOTP code each time you log in, regardless of whether you use Magic Link or a password.
Note: Secureframe does not require MFA for Social Login (ex, Google or Office 365), as authentication is handled by the provider.
Setting up MFA after you are already logged in
If you logged in before MFA was required, or you skipped MFA setup during your first login, you may need to enroll before your next session.
Click your profile icon (top right).
Open My Settings.
Go to the Security or Authentication section (wording may vary by role).
Follow the prompts to enroll an authenticator app (scan QR code, enter TOTP, save backup codes).
If you do not see MFA enrollment in My Settings, your organization may require MFA at next login. Log out and sign back in. You should be prompted to set up MFA if your role requires it.
Note: MFA enrollment in Company Settings is for admins configuring which roles require MFA. Individual users enroll MFA from My Settings or at the login prompt.
Lost Access to Your MFA Device?
If you lose access to your MFA device, you can use one of the following recovery methods:
Backup codes: Provided during MFA setup (store them securely!).
Secureframe Support: If backup codes are unavailable, contact Secureframe Support at [email protected] or if you are already in a Live Chat you can "speak to human" since this particular request requires identity verification and assistance in regaining access.
Common Authenticator Apps for MFA
Secureframe supports Multi-Factor Authentication (MFA) through Time-Based One-Time Password (TOTP) authentication, which generates unique, time-sensitive codes for login verification.
Setting up TOTP Authentication
To comply with Secureframe’s MFA requirement, you can use a Time-Based One-Time Password (TOTP) authenticator app. You can use any TOTP app that supports standard MFA protocols. Some commonly used options include:
Using a Password Manager for TOTP
Many password managers offer built-in TOTP support, allowing you to store and autofill one-time codes alongside your passwords. Popular options that offer this feature include:
Check with your provider to see if TOTP authentication is supported.
Frequently Asked Questions (FAQ)
Can I use SMS for MFA instead of an authenticator app?
No, Secureframe only supports Time-Based One-Time Passwords (TOTP) through an authenticator app.
Is MFA required every time I log in?
Yes, MFA is required at every login attempt via Magic Link or direct login with email and password.
I never had to input MFA in this in the past when logging into Secureframe, why am I being asked to do this now?
Secureframe is always looking to improve the security of our customers account and personal information, and MFA is a critical step in protecting against unauthorized access and potential fraud.
MFA adds an extra layer of protection by requiring verification step, making it significantly harder for attackers to gain access to critical data.
What if I set up the wrong authenticator with my account?
If you have linked the wrong authenticator app to your account, please contact our support team for assistance. They will help you regain access and reset your 2FA configuration. Be prepared to verify your identity to ensure account security.
Can I turn MFA off for certain admin roles?
Yes, you can disable MFA.
Secureframe does however recommends keeping MFA enabled to enhance security, protect sensitive data, and reduce the risk of unauthorized access.
I am already logged in but never set up MFA. How do I enable it now?
Try profile icon → My Settings → Security/Authentication and enroll your authenticator app.
If that option is not available, log out and sign back in. If MFA is required for your role, you will be prompted to set up on login.
Ensure your phone's date and time are set to automatic before entering TOTP codes.
If you still cannot find MFA setup and your organization requires it, contact Support to confirm your role settings and enrollment status.