Secureframe strongly recommends Multi-Factor Authentication (MFA) for users with super admin, admin, and auditor roles when signing in via email/password or magic link. MFA adds an extra layer of protection by requiring identity verification through a secondary method.
Super Admins can also configure MFA for additional user roles as needed, outside of the default roles.
Managing MFA settings for Admin Roles
By default, MFA is enabled for Super Admin, Admin, and Auditor roles to protect sensitive access. Super Admins can adjust these settings on the Company Settings page, either enabling or disabling MFA for these roles or extending it to additional roles.
To manage Multi-Factor Authentication (MFA) settings:
- Click your profile icon in the top-right corner
- Click the Company Settings option
- Navigate to the Authentication settings tab
- Scroll to the Multi-factor authentication section to adjust settings as needed
- The tab is autosaved after each adjustment
Setting Up MFA
During account setup, whether creating a password or logging in for the first time with Magic Link, you will be prompted to enable MFA.
Important Note: Before setting up MFA, please ensure that your smartphone’s time and date are set to automatic, as MFA codes are time-based and rely on your device time being in sync. If your device’s time and date are not set to automatic, the MFA codes will not work.
To set up MFA:
- Scan the provided QR code or manually enter the setup key into an authentication app (e.g., Google Authenticator or Authy).
- Enter the one-time passcode (TOTP) generated by the app to complete the setup.
- Save the displayed backup codes in case access to the authentication app is lost in the future.
Once MFA is enabled, you will need to enter a TOTP code each time you log in, regardless of whether you use Magic Link or a password.
Note: Secureframe does not require MFA for Social Login (e.g., Google or Office 365), as authentication is handled by the provider.
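The time-sync note above follows from how TOTP codes are derived from the current time. This Python example is added here and is not Secureframe's code: it computes RFC 6238 codes and reports which phone clock errors would still verify. The setup key is the RFC's published test secret, and HMAC-SHA1, 30-second steps, 6 digits and the one-step acceptance window are assumptions, not documented Secureframe settings.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample setup key (base32 of the RFC 6238 test secret), not a real account secret.
SAMPLE_SETUP_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(setup_key_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 (assumed defaults: 30 s step, 6 digits)."""
    key = base64.b32decode(setup_key_b32.replace(" ", "").upper())
    counter = int(unix_time) // step  # the only time-dependent input
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(setup_key_b32, code, server_time, window=1, step=30):
    """Accept codes up to `window` steps either side of server time (assumed policy)."""
    for drift in range(-window, window + 1):
        expected = totp(setup_key_b32, server_time + drift * step, step)
        if hmac.compare_digest(expected, code):  # constant-time comparison
            return True
    return False


def skew_report(setup_key_b32, server_time, skews=(0, 20, 45, 300)):
    """Map each phone clock error (seconds fast) to whether its code verifies."""
    return {
        skew: verify(setup_key_b32, totp(setup_key_b32, server_time + skew), server_time)
        for skew in skews
    }


if __name__ == "__main__":
    server_now = 1_700_000_010  # constructed server time, start of a 30 s step
    for skew, ok in skew_report(SAMPLE_SETUP_KEY, server_now).items():
        print(f"phone clock {skew:>3}s fast -> {'accepted' if ok else 'rejected'}")
```

A phone that is a few seconds off still lands in an accepted step, while a clock set manually and several minutes wrong produces codes for a step the server never checks.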
Lost Access to Your MFA Device?
If you lose access to your MFA device, you can use one of the following recovery methods:
- Backup codes: Provided during MFA setup (store them securely!).
- Secureframe Support: If backup codes are unavailable, contact Secureframe Support at support@secureframe.com or, if you are already in a Live Chat, ask to "speak to human", since this request requires identity verification and assistance in regaining access.
Common Authenticator Apps for MFA
Secureframe supports Multi-Factor Authentication (MFA) through Time-Based One-Time Password (TOTP) authentication, which generates unique, time-sensitive codes for login verification.
Setting up TOTP Authentication
To comply with Secureframe’s MFA requirement, you can use a Time-Based One-Time Password (TOTP) authenticator app. You can use any TOTP app that supports standard MFA protocols. Some commonly used options include:
Using a Password Manager for TOTP
Many password managers offer built-in TOTP support, allowing you to store and autofill one-time codes alongside your passwords. Popular options that offer this feature include:
Check with your provider to see if TOTP authentication is supported.
Frequently Asked Questions (FAQ)
Can I use SMS for MFA instead of an authenticator app?
- No, Secureframe only supports Time-Based One-Time Passwords (TOTP) through an authenticator app.
Is MFA required every time I log in?
- Yes, MFA is required at every login attempt via Magic Link or direct login with email and password.
I never had to input MFA in the past when logging into Secureframe. Why am I being asked to do this now?
- Secureframe is always looking to improve the security of our customers' accounts and personal information, and MFA is a critical step in protecting against unauthorized access and potential fraud.
- MFA adds an extra layer of protection by requiring an additional verification step, making it significantly harder for attackers to gain access to critical data.
What if I set up the wrong authenticator with my account?
- If you have linked the wrong authenticator app to your account, please contact our support team for assistance. They will help you regain access and reset your 2FA configuration. Be prepared to verify your identity to ensure account security.
Can I turn MFA off for certain admin roles?
- Yes, you can disable MFA.
- Secureframe does, however, recommend keeping MFA enabled to enhance security, protect sensitive data, and reduce the risk of unauthorized access.