Skip to main content

Multi-Factor Authentication


To enable Multi-Factor Authentication (MFA) and start using one-time passwords, follow these steps:

Quick Step List
  1. Login then click on your name. In the dropdown click Security.

  2. Click the Change Multifactor Authentication Settings to open the Multi-Factor Authentication settings page.
    • Choose to disable MFA or enable one-time passwords.
  3. Click on Send One-Time Password To Email then go into your email and copy your one time password.

  4. Enter your one-time password as well as your current password then click Submit.

The one-time password is only valid for 15 minutes. If the password has expired, a new one will be generated.

Step-by-Step Instructions

Enabling MFA

  1. Log In to the System: Login then click on your name. In the dropdown click Security.
  2. Access Security Settings: Find the Multi-Factor Authentication Section. This section shows the current MFA status and includes a button to manage the settings.
  3. Manage MFA Settings
    Click the Change Multifactor Authentication Settings button at the bottom of the page to open the Multi-Factor Authentication settings.

Managing MFA Settings

  1. Access MFA Settings Page:
    On the Multi-Factor Authentication settings page, you can either:

    • Disable MFA, or
    • Enable one-time passwords.
  2. Save Your Changes:
    To save your changes, click on the Send One-Time Password To Email then enter:

    • Your current password, and
    • A one-time password (OTP).
  3. Send a One-Time Password (OTP):

    • To receive an OTP, click the button to send it to your registered email address.
    • The OTP will be sent to you by email and is valid for 15 minutes.
    • After 15 minutes, the OTP expires, and you will need to generate a new one.
  4. Enter the OTP:

    • Enter the OTP in the box below the current password field.
    • Press Submit to confirm your changes and update your MFA settings.

OTP Expiry: Any unused OTPs will be invalidated if a new OTP is generated, even if they haven't expired yet.

OTP Email Format: The OTP email will follow the template set for your account.

Session Storage: Once you enter an OTP, it is stored in your session data. If you clear your browser's local storage, you'll need to enter a new OTP.

Different Devices: OTPs do not persist across different browsers or devices. If you log in from another device, you'll be prompted to enter a new OTP.


Logging In with MFA

  1. Login as Usual:
    Enter your username and password as normal.

  2. OTP Prompt:
    After logging in, you'll be prompted to enter a one-time password.

  3. Accessing Other Pages:
    You will be redirected to the OTP screen when accessing any page other than:

    • /login – Login page
    • /logout – Logout page
    • /one_time_password – OTP entry screen
    • /account/send_email – Send OTP email
    • /account/multiauth – Multi-auth settings page
  4. Complete OTP Entry:
    Enter your OTP, submit it, and you'll be able to access the rest of the site.