Enabling Two-Factor Authentication for Members

In this Article

About Two-Factor Authentication

Turn on Two-Factor Authentication

What Members Can Expect on the Mobile App

What Members Can Expect on the Member Website

Troubleshooting

About Two-Factor Authentication

Two-factor authentication adds an extra layer of security for your members that can help prevent unauthorized access to their accounts. By enabling this, your members use the mobile app or member website to register the device(s) they will use to access the directory. They will be asked to register their devices via email and will be prompted with this authentication step any time they access the directory on a new device, such as a new phone or a new location on a computer.

By enabling two-factor authentication, you will be turning this on for every active member in your directory who wishes to create and use a login for viewing the directory in the Mobile App or Member Website.

Turn on Two-Factor Authentication

The two-factor authentication (2FA) feature is only available once you Enable Member App Access on the Share Member App tab. If Member App Access is not yet enabled, you will need to do that first. 

Once you have Enabled Member App Access, you will see the option to also Enable the two-factor authentication feature. It defaults to Disabled. 

If you want two-factor authentication to be turned on for all members, Enable it. 

What Members Can Expect Using the Mobile App

Once two-factor authentication is enabled, each time a member chooses Sign In on the Mobile App or Member Website, the following will happen:

• We will try to verify the device on Sign-In to see if it has been registered on a previous Sign-In for that user.
• If the device has been registered as an allowed device previously, the sign-in function will complete as usual.
• If the device has not yet been registered, we will send a two-factor authentication email with a 6-digit code.

• The member will need to enter the code on a page we display to them.

• Once the code is entered, the sign-in will complete and we have registered this device for future sign-in attempts. When a member signs in on this device in the future, they will not need to complete the two-factor authentication process. 

We will register the device they use to sign in, NOT the device they use to enter the code. Meaning if they try to sign in from a phone, but they enter the code on a computer, we will register the phone (the device that they used to sign in).

What Members Can Expect Using the Member Website

Once two-factor authentication is enabled, each time a member chooses Sign In on the Mobile App or Member Website, the following will happen:

• When a member creates a log-in the very first time, we capture their initial location and will use it for future sign-in attempts for that user.
• We will try to verify their location on sign-in to see if it matches a previous sign-in for that user.
• If the location matches a previously verified location, the sign-in will be complete as usual.
• If the location does not match, the member will be notified, and we will send a two-factor authentication email with a 6-digit code.

• The member will need to enter the code on a page we display to them.
• Once the code is entered, the sign-in will be complete and we have captured that location for future sign-in attempts. When a member signs in from that location in the future, they will not need to complete the two-factor authentication process.  

Troubleshooting

If you are in more than one directory, and only one directory has 2FA turned on, you will be prompted for a 2FA code. We will choose the more secure directory upon sign-in to choose whether 2FA is required or not.

If you see the error "MFA Code not found" or "MFA Code Has Expired," you will need to try to sign in again to get a new 2FA code emailed to you.