In this article you can find out, how to manage your MFA in Shiftbase.
Multifactor authentication (MFA) adds an extra layer of security to your accounts by requiring a security code on top of your password when logging in. Usually this code comes from an app on your phone or via email. It helps protecting your account even in the case that your password is compromised.
Contents
Adding multifactor authentication
Multifactor authentication backup
Enforcing multifactor authentication account wide
Adding multifactor authentication
When you log in for the first time through the website, you will be asked to set up MFA. If you choose to proceed with the installation, make sure to complete it fully.
To set up MFA click on the button Set up on the right. Follow the three steps shown on your screen and click Submit.
The verification code, also called token, can be obtained via an external app, such as (but not limited to) Google Authenticator. With this app you can scan the QR code and the authenticator then creates a token. This token will refresh every few seconds.
When this is set up you have to enter this verification code every time you log into Shiftbase. This verification code can be found in the authenticator app you used to create it.
⚠️ Warning: If you close Shiftbase while setting up the MFA (after scanning the QR code before saving the settings), you will need to set up the MFA again next time. Even if you have already obtained a token by scanning the QR code. Do not forget to remove the old token to avoid confusion when logging in.
Multifactor authentication backup
We strongly recommend that you keep the backup code and set up a backup email when using MFA. You can use this if you unexpectedly don't have access to your authenticator anymore.
You can set up the backup email or code under your icon on the top right>My login.
💡Tip: In My Login, when requesting your backup code, confirm with your Shiftbase password.
-
Backup code:
In case of loss, theft or a broken phone, it is possible to use this code to disable multifactor authentication. -
Backup email:
A backup email address can be used to receive a Login link to regain access to the account. This email address must be a different email than the one you use to log in.
⚠️ Warning: If you've lost access to your account and haven't set up a backup code or email, your supervisor can manually deactivate MFA for your account.
Enforcing multifactor authentication account wide
As an Administrator it is possible to enforce the use of multifactor authentication for all users. After logging in, users will be asked to enable multifactor authentication for their account. Accounts are inaccessible until activation has been successfully completed.
To do so navigate to the Settings>Security. In this menu on the very top of the page, select Click here to activate this for your account. 
