Overview

Enabling Multi-Factor Authentication (MFA) is an important security measure that SaaS companies can implement to protect their users' accounts from unauthorized access. MFA adds an extra layer of security by requiring users to provide a second form of identification, in addition to their username and password, before accessing their account. It is required to have MFA enabled for all accounts.

Verify Your Account

Regardless of how you sign in (email/password or social login), you will be required to provide a one-time code to verify your account. This has replaced the previous email method.

Initial Implementation

One-Time Code Input

During the initial setup, you will need to scan the QR code using your preferred authenticator app (ex. Authy, Duo, etc.). Once selected, apply the one-time code to the respective field.

Moving forward, when MFA is required, you will be prompted to apply the temporary code found in your authenticator app.

Once MFA is enabled and the grace period is passed:

• Client users must go through MFA verification upon initial login & on a recurring basis from a configurable setting in each account.

  • By default, users will need to verify once every 30 days. This can be changed to a more frequent basis upon request, including on each login.

First Time Logins:

Set up MFA on your first sign-in to the dashboard. It takes just 2 minutes using any authenticator app on your phone.

• If you don’t have an authenticator app, download the Google Authenticator App:

  • iOS Download

  • Android Download

• Once the app is downloaded, click (+) in the bottom right corner

• Scan the QR code to add Satisfi Labs to your list of accounts.

Additional Notes

• Users will have up to 5 attempts once the MFA code is sent to enter their passcode correctly. After the 5th attempt, their account will be locked. Users with locked accounts will be prompted to ask an administrator for assistance.

• The MFA is specific to each client account + unique device. Logging in on incognito, phone, new device, etc, will result in verification needing to be resent.

• Satisfi Administrators will adhere to the client account settings. For example, if a client account is set to an MFA expiration of daily due to their company's policies, Satisfi Administrators will also go through the verification each day when reviewing the client account.