Multi-Factor Authentication
Multi-factor Authentication (MFA) requires a User to receive a code through email or text to complete authentication. This is a great way to keep your sensitive data secure! We recommend you enable multi-factor authentication after you adequately prepare Users for the new process.
- You can require multi-factor authentication for all Users or just certain Users. So even if you don't require multi-factor authentication for everyone, you can require it for specific Users (for example, staff). Which specific Users? Totally up to you!
- Multi-factor authentication is device-specific. Enjoying the Platform on your desktop and your mobile device? You'll need to log in using multi-factor authentication on both devices.
- Multi-factor authentication is universal across applications that use Simple Sign-on. Once you set up your device with multi-factor authentication, you can log in to the Platform, Widgets, and Life Apps without setting it up again.
- You can set the length of time between multi-factor authentication logins. At deployment, this sets to 30 days, but you can pick a different number of days or require it with every login.
- If a code expires or the User enters it incorrectly, they can request a new code and try again.
User Walkthrough
If you enable multi-factor authentication, they'll see a familiar multi-factor authentication flow:
- The User logs in using their email, mobile phone, or username and password.
- They'll then be asked whether to receive their authentication code through text or email. Note: The User's Contact record controls the code delivery methods available. No mobile phone number? No text message option.
- Within fifteen seconds of clicking Send Verification Code, the User receives a six-digit code through their selected method. Note: The Platform sends messages and logs them in the Message Log.
- On the login screen, they'll enter their code in the corresponding text box. This page also displays a ten-minute countdown clock for the User to enter their code.
- When they select Enter, the User can also select Remember this device for [X] days. Configure the [X] value on the Domain/Accounts page.
- If a code expires or the User enters it incorrectly, they can request a new code and try again.
Add a Default Outbound SMS Number
- You must configure the default outbound SMS number.
- Go to .
- If you have an existing Outbound SMS Number, edit the record. Otherwise, click New to add one.
- If needed, add a Number Title.
- If needed, add the SMS Number.
- Set Active to Yes.
- Set Default to Yes.
- Click Save.
Enable Multi-Factor Authentication
MFA Message Customization
- You can customize the MFA Verification Email Template for your church. This template must include the [Code] token. Contact Page merge fields are supported, so personalize that message!
- You can also customize the MFA Verification Text Template. This one must include the [Code] token.
- You can even customize the messages and buttons! To make changes, go to Here are a few of the relevant Application Labels: and update the appropriate label(s). Note that you are responsible for all translations if the default is not used.
- oauth.mfaDescription: The statement users see when they select to receive their code through email or text. The default is "How would you like to receive your two-step authentication code?".
- oauth.mfaTryAgain: The message a user sees if they enter an expired code or enter their code incorrectly. The default is "Try Again".
- oauth.ERR_MFA_TOKEN_ERROR: The message a user sees if they enter an expired code or enter their code incorrectly. The default is "Verification code is expired or invalid. Unable to proceed with 2-step authentication. Please try again.".
Configure MFA for All Users
- Complete the general configuration steps.
- In the navigation menu, click .
- Set MFA Required to Yes.
- Click Save.