Multi-Factor Authentication
Multi-factor Authentication (MFA) allows a User to receive a code through email or text required to complete authentication. We think this is a great way to keep your very sensitive data secure! And we recommend enabling multi-factor authentication after adequately preparing Users for the new process.
- You can configure multi-factor authentication to be required for all users or just certain users. So even if you don't require multi-factor authentication for everyone, you can require it for specific Users (for example, staff). Which specific Users? Totally up to you!
- Multi-factor authentication is device-specific. Enjoying the Platform on your desktop and your mobile device? You'll need to log in using multi-factor authentication on both devices.
- Multi-factor authentication is universal across applications that use Simple Sign-On. So once your device is set up with multi-factor authentication, you can log in to the Platform, Widgets, and Life Apps without setting it up again.
- You can set the length of time between multi-factor authentication logins. At deployment, this will be set to 30 days, but you can pick a different number of days or require it with every login.
- If a code is expired or entered incorrectly, the user is given the option to try again and can request a new code.
User Walkthrough
If you've enabled multi-factor authentication for all or some users, they'll be presented with a familiar multi-factor authentication flow:
- User logs in using their email, mobile phone, or username and password.
- They'll then be asked whether they'd like to receive their authentication code through text or email.
Note: The code delivery methods available are controlled by the User's Contact record. No mobile phone number? No text message option.
- Within fifteen seconds of clicking Send Verification Code, the User will be sent a six-digit code through their selected method.
Note: Messages are sent through the Platform and logged in the Message Log.
- On the login screen, they'll see a text box to enter their code. This page also displays a ten-minute countdown clock for the user to enter their code.
- When selecting Enter, the User can also select Remember this device for [X] days. The [X] is determined by the value configured on the Domain/Accounts page.
- If a code is expired or entered incorrectly, the User is given the option to try again and can request a new code.
Configuration
- You must configure the default outbound SMS number.
- Go to .
- If you have an existing Outbound SMS Number, edit the record. Otherwise, click New to add one.
- If needed, add a Number Title.
- If needed, add the SMS Number.
- Set Active to Yes.
- Set Default to Yes.
- Click Save.
Enable Multi-Factor Authentication
Optional
- You can customize the MFA Verification Email Template for your church. This template must include the [Code] token. Contact Page merge fields are supported, so personalize that message!
- You can also customize the MFA Verification Text Template. This one must include the [Code] token.
- You can even customize the messages and buttons! To make changes, go to Here are a few of the relevant Application Labels: and update the appropriate label(s). Note that you are responsible for all translations if the default is not used.
- oauth.mfaDescription: The statement users see when selecting to receive their code through email or text. The default is "How would you like to receive your two-step authentication code?"
- oauth.mfaTryAgain: The message a user sees if they enter an expired code or enter their code incorrectly. The default is "Try Again."
- oauth.ERR_MFA_TOKEN_ERROR: Message a user sees if they enter their code incorrectly or the code has expired. The default is "Verification code is expired or invalid. Unable to proceed with 2-step authentication. Please try again."
MFA for All Users Configuration
- Complete the general configuration steps.
- Go to .
- Set MFA Required to Yes.
- Click Save.