Overview

In this article, you'll learn how to set up, use, and reset multi-factor authentication (MFA) in Cordial.

MFA adds a second layer of security to your Cordial account by requiring a time-sensitive verification code from an authenticator app in addition to your password. Every user can enable or disable MFA in their own account settings unless your organization's security policies require it to remain on. 

Before you begin

Download an authenticator app on your mobile device before starting setup. Cordial recommends Google Authenticator, available on the Google Play Store and Apple App Store. Other apps such as Okta Verify or Microsoft Authenticator also work.

If MFA is disabled for a user and needs to be re-enabled, that user must do so themselves through their account settings — admins cannot enable it on their behalf.

Set up multi-factor authentication

1. Log in to your Cordial account and navigate to Settings > Profile Settings.

2. Under Multi-factor Authentication, click Enable. Cordial generates a QR code and a setup key. Important: Click Enable only once. Clicking it a second time invalidates the current QR code and setup key, and you'll need to start over.

3. In your authenticator app, add a new account using one of the two options below: 

• Option A — Scan the QR code (recommended) Open your authenticator app and use its QR code scanner to scan the code displayed in Cordial. The app will automatically configure itself and begin generating time-sensitive codes. 
• Option B — Enter the setup key manually If you can't scan the QR code, open your authenticator app and choose the option to enter a code manually (in Google Authenticator, tap + > Enter a setup key). Type or paste the setup key displayed on the Cordial MFA setup screen into your authenticator app. Important: The setup key is entered into your authenticator app — not into Cordial. Do not type it into the Enter code from device field on the Cordial screen.

4. Your authenticator app will generate a 6-digit time-sensitive code. In Cordial, enter that code in the Enter code from device field and click Confirm. Note: Be sure to click Confirm — not Enable — after entering the code from your authenticator app.

5. When logging back into Cordial once you have MFA enabled in your account, open your MFA app and locate the freshly-generated authentication code. After entering your password in Cordial, enter the active authentication code from your MFA app and click Validate Code.

Log in with multi-factor authentication

MFA is now active on your account. Each time you log in, open your authenticator app, locate the Cordial code, and enter it after your password. Note: Enter the code before it expires. Authenticator app codes refresh every 30 seconds.

1. Enter your email and password on the Cordial login screen.
2. Open your authenticator app and locate the active code for Cordial.
3. Enter the code in Cordial and click Validate Code.

View MFA status for your team

If you have admin access, you can view the MFA status of all users in your account.

1. Navigate to Settings > Users.
2. The MFA column shows whether MFA is enabled or disabled for each user.

Reset multi-factor authentication

If a user is locked out or needs their MFA reset — for example, after losing access to their authenticator app, submit a support ticket. Include the email address of the user whose MFA needs to be reset.

For Okta Verify users: To re-enroll, open Okta Verify, tap the > next to the Cordial entry, select Delete Account, then follow the setup steps above to scan the new QR code.