MFA (Multi-factor verification)
MFA adds another layer of security to user accounts by requiring multiple forms of identification.
💎 MFA is only available for the Enterprise package.
MFA Setup
The company account owner (not an administrator) can set up MFA from the Integration / Credentials section.
You can choose between two options:
- Available MFA, where all users can choose whether they want to use multi-factor authentication at login.
- Requeired MFA, where all users must use multi-factor authentication when logging into their account.
Login procedure
The MFA itself involves two factors in Sloneek:
- The thing the user knows well (their application password)
- The means of authentication (phone to send the verification SMS)
The moment a user with MFA activated logs in to the app for the first time (from the moment MFA is activated), they will enter their phone number to receive a verification SMS:
The code is then simply entered into the prepared field and securely logged into the application:
You do not need to enter your phone number again the next time you log in. The code will automatically be sent to the user’s phone number.
Reset MFA
If needed, the account owner can reset the MFA at any time for:
- a selected user (in their folder under Notifications & Integrations / MFA)
- all users (in Settings / Integration / Credentials by clicking on the Reset button)
Security measures
Each user has 5 login attempts to correctly enter the SMS code. Once the limit is exceeded, his account will be locked. Recovery is done by allowing the account owner to reset the user’s MFA, allowing them to log in again.
The MFA feature is also available for logging in from the mobile app. At the same time, account administrators do not see the phone numbers users enter to have codes sent to them.