|
Multi-factor authentication (MFA) offers an additional level of security for your AroFlo site. It requires users to enter a code obtained from an authenticator app (typically on their phone or tablet) before they can log in.
Who needs to use MFA? MFA is a requirement for all users with access to
however, any AroFlo user can set up and use MFA. |
 |
|
Authentication Apps
Google Authenticator
 |
  |
|
|
Microsoft Authenticator
 |
|
|
|
Twilio Authy
 |
|
|
|
Enable MFA
Permission Groups
- Managers and those with permission can enable MFA on their own user card.
- Site Administrators (who can view and edit other users) with the above permission can also enable or disable MFA for other users.
Custom permission groups
For custom permission groups, Site Administrators can control who can enable or disable MFA by going to Permission Groups > [Select permission group] > Users > Fields > MFA (Add / Remove to ticked).
MFA is enabled on a user card.
- In AroFlo Office, go to Site Administration > Users > Select User.
Alternatively, go to Manage > Users > Select User. - Under Multi-factor Authentication, click Enable.
If you're viewing your own user card, click Enable & Configure. You can also configure MFA as soon as it has been enabled.
- The Enable MFA Verification window will appear. Click Enable.
The user is now ready to configure MFA. If you have enabled MFA for another user, they will see the configuration window on next login. Refer to the steps below.
Configure MFA
Once a user has MFA enabled, that user will see the Enable MFA Authentication window the next time they log in.
If you're enabling MFA for yourself, you will see this as soon as you enable MFA.
Don't have your phone?
If you don't have your phone with you, click Email one time code for AroFlo to email you a one-time code. Note that you won't be able to use the Don't ask again for 30 days option as mentioned below. See I don't have my phone with me, below for instructions.
- Click Use Authentication App.
- If you don't already have an authenticator app on your device, download one.
Authenticator app options include Google Authenticator, Microsoft Authenticator or Twilio Authy.
- When you see the Enable MFA Authentication window in AroFlo, open your authenticator app, as per the options above.
- Add an account in the app. Scan the QR code shown to you in the Enable MFA Authentication window.
- The authenticator app will then display a six-digit verification / password code.
- Enter the six-digit code into the Verification Code field.
- Click Verify. You will be logged in.
Optional: Tick Don't ask again for 30 days if you want the benefit of MFA without having to enter a code on each login.
Can't scan the code?
If you're unable to scan the code (e.g. if you're doing the entire process on a mobile device), tap the 
(copy) icon to copy the setup key and use the relevant option in your authenticator app (e.g. Enter a setup key) to proceed.
Quick-start steps
1. Download authenticator app
Download one of the following authenticator app options on your mobile device
2. Add an account in the app
3. Scan the QR code
Use your mobile device to scan the QR code displayed on the AroFlo login screen.
4. Code displayed
The authenticator app will then display a six-digit verification / password code.
5. Enter code
Enter the code displayed on your mobile device into AroFlo and Verify to continue with login.
6. Subsequent logins
The next time AroFlo asks for a code to log in, use the same authenticator app you used to set up MFA to obtain your code. Type this into AroFlo and Verify to continue with your login.
Using MFA
Once a user has enabled and configured MFA, the verification prompt will appear on Office login and Field login.
Don't ask again for 30 days A user can click the 30 day checkbox to gain the benefit of MFA without having to enter the verification code at every login. |
|
|
I don't have my phone with me
If you don't have your phone with you, AroFlo can email you a one-time code you can use instead. Note that you won't be able to use the Don't ask again for 30 days option if doing it this way.
You will not have this option if your user card does not contain an email address. Your Site Administrator can add or amend this if you don't have the option.
Show this
- Click Email one time code instead (or Email one time code if configuring MFA)
- On the next screen, click Send Code to confirm
- Check your email for the 6 digit code and type this into AroFlo
- Click Verify.
Troubleshooting
We've put together some common issues you may experience when using MFA:
I scanned the code using my camera and now I can't find the authenticator app
If you scanned the QR code straight from your device's camera instead of via one of the above mentioned authenticator apps first, you may be using your device's default authenticator app. See the below tabs for information that may help you.
iPhone
You're likely using the Passwords app. Find this within your apps and look for the Codes section. Your AroFlo verification code should be located here.
Samsung
You're likely using the Samsung Pass feature, which is located within the Samsung Wallet app. Your AroFlo verification code should be located here.
You can continue to use these methods to use MFA and sign in to AroFlo, or alternatively, you can reset MFA or get a Site Administrator to do this (see Manage MFA, below), and start the process again using one of the three recommended authenticator apps. See Configure MFA, above.
I'm not receiving the email with my one-time code
If you're not receiving the email with your one-time code:
- Check your spam or junk email, in case the email landed there
- Ensure your email address is correct on your user card (you may need to check with your Site Administrator if you cannot access this information)
- Check with your IT team that emails are being received correctly.
My authenticator codes don’t work
This can happen for a few reasons, including that time isn’t correctly synced on your Authenticator app. Look for settings such as 'Time correction' or 'Sync' in your chosen app.
Click the relevant Help link below.
|
|
|
Manage MFA
Once a user has MFA enabled and configured, it can be managed from their user card.
- In AroFlo Office, go to Site Administration > Users > Select User.
Alternatively, go to Manage > Users > Select User. - Under Multi-factor Authentication, click Manage. You will see the Manage MFA Verification window.
Disable MFA
- From the Manage MFA Verification window, click Disable.
- A window to confirm will appear. Click Disable.
Reset MFA
Reset MFA allows a user to configure MFA again.
Use this when a user loses access to a device that has the Authenticator App.
- From the Manage MFA Verification window, click Reset.
- Refer to 'Configure MFA' instructions above.