This improvement adds new Security permissions for multi-factor authentication (MFA) so you can control who can view, edit, and receive notifications.
.png?sv=2026-02-06&spr=https&st=2026-06-03T19%3A28%3A22Z&se=2026-06-03T19%3A40%3A22Z&sr=c&sp=r&sig=B%2FX44VvxZl0rjmxI7MI4t21vx2Fz%2B%2FDr%2FCI0BBrHCYQ%3D)
What's changing?
Before, the Manage MFA permission controlled everything. It allowed viewing MFA status, editing settings, and receiving email alerts. Now, MFA access is split into three separate permissions: View MFA, Edit MFA, and Receive MFA Notifications. All security-related permissions, including these, now live under a new Security category on the Permissions page. This gives you clearer control and helps reduce extra email alerts.
Resources
Before and After
Before (Current)
Go to the top toolbar and click Settings.
In the side panel, click People > Employees.
Edit an employee.
Select the Permissions tab.
You grant the Allow Manage MFA permission to a role.
That role can view MFA status, change settings, and receive notifications.
You cannot separate read-only access from editing or notifications.
Impact: Roles may have more access than needed. Some Administrators receive MFA emails they do not need.
After
Go to the top toolbar and click Settings.
In the side panel, click People > Employees.
Edit an employee.
You open the new Security category.
You select one or more permissions: View MFA, Edit MFA, or Receive MFA Notifications.
You assign only the access each role needs.
Impact: You follow least-privilege access. You reduce extra MFA email noise and avoid over-granting permissions.
Who uses this feature
All Business Types
Administrators
Region availability: All regions.
How it works for your industry
Residential Service and Replacement
You give a manager View MFA access so they can check status without changing settings.
You limit Edit MFA access to a small group of Administrators.
You remove Receive MFA Notifications from roles that do not need email alerts.
Commercial Service and Replacement
You assign View MFA to a compliance lead who needs read-only visibility.
You grant Edit MFA only to senior Administrators.
You control which roles receive MFA notification emails about number changes or resets.
Residential Construction
You allow a project leader to view MFA status without giving editing rights.
You centralize MFA changes under a single Administrator role.
You reduce inbox clutter by limiting who receives MFA alerts.
Commercial Construction
You separate security review duties from configuration duties using View MFA and Edit MFA.
You keep notification emails limited to key security contacts.
You manage all MFA permissions under the new Security category for clearer oversight.
How to Prepare?
Review all roles that currently have the Allow Manage MFA permission.
Identify which roles need view-only access versus editing access.
Decide who should receive multi-factor authentication (MFA) notification emails.
Update your role settings in the Security category to match your access policy.
Confirm only authorized Administrators can change security-related permissions.