Multi-Factor Authentication (MFA) for Admins

Multi-Factor Authentication (MFA) adds an extra layer of security, requiring a code from an authenticator app. By default, all users can enable MFA for their own accounts. As a Super Admin, you can enforce MFA to make it mandatory for your entire admin team.

How MFA Works

  • MFA is available to all users (optional by default).
  • Super Admins can enforce MFA for all admins.
  • When MFA is enforced, the Super Admin must first complete MFA setup on their own account
  • Once enforced, all admins will be required to set up MFA on their next login
  • Super Admins can see which admins have enabled MFA.

How to Enforce MFA for Your Admin Team

  1. Go to Settings → User Management.
  2. In the Multi-Factor Authentication section, check Enforce for administrators.
  3. Once enforced, all team admins - including you, will be prompted to set up MFA.

What Admins Experience

When enforced:

  • Admins will be prompted to set up MFA at login.
  • They’ll scan a QR code with an authenticator app and enter the verification code.
  • MFA will be required on every login afterward.

Viewing MFA Status

  • In the User Management list, you can see which admins have set up MFA.
  • Super Admins can remove MFA for any admin from User Management, and admins can also remove MFA from their own account settings.
  • Even if you don’t enforce it, you’ll still have visibility of who has MFA enabled on their account.

Reset or Remove MFA for an Admin

If an admin is unable to access their account (for example, lost access to their authenticator app), MFA can be removed and set up again.

There are two ways to remove MFA:


1. Super Admin: Remove MFA for another admin

  1. Go to Settings → User Management
  2. Find the admin in the list
  3. Click Remove MFA next to their status

Once removed:

  • The admin will be able to log in without MFA
  • They can set up MFA again from their account settings

2. Admin: Remove MFA from your own account

  1. Go to Account Settings
  2. Locate the Multi-Factor Authentication (MFA) section
  3. Click Remove MFA

Once removed:

  • MFA will no longer be required for login
  • You can enable it again at any time

When should you remove MFA

  • Lost access to your authenticator app
  • Changed or reset your device
  • Unable to complete MFA during login

FAQs

Q: Can admins enable MFA without enforcement?

Yes, admins can enable MFA individually at any time from their account settings.


Q: Can MFA be removed if someone is locked out?

Yes. A Super Admin can remove MFA for any admin from User Management, or users can remove it themselves from Account Settings if they have access.


Q: What happens if I enforce it later?

Admins who haven’t set it up will be required to do so upon next login.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us