Enable Multi-Factor Authentication in Enterprise Hub

  • Updated on Apr 25, 2026
  • Published on Mar 4, 2026
  • 4 minute(s) read
Prev Next

Overview

Use Multi-Factor Authentication (MFA) in Enterprise Hub to strengthen security and mitigate breach risks. You can configure MFA on a role basis with either Time-based One-Time Password (TOTP) or SMS verification to protect accounts.

Who uses this feature

  • Office employees

  • Applies to all business types

Feature configuration

  • Account configuration is required to use this feature. Please contact Technical Support for details.

Things to know

  • Ensure that all users who need to administer MFA configurations have the necessary user permissions enabled in the system. For more, see step 4 in the Grant access to User Management section. User management interface showing permissions including 'Manage MFA' option selected.

  • Organizations can enable one or both authentication methods, SMS or TOTP, for their employees.

  • When you enable MFA for a user, they'll be immediately logged out and prompted to set up your organization's selected authentication methods upon logging back in.        

    Note: Make sure to inform them of this change beforehand.

  • If a user encounters issues during the verification process, the user should contact their administrator for assistance. You have the ability to disable and reset MFA. For more, see Manage MFA configurations.

Glossary

  • Multi-Factor Authentication (MFA): A security method that requires you to verify your identity using two or more authentication factors, for example, password or code.

  • Short Message Service (SMS): A text messaging service used to send verification codes or notifications to mobile devices.

  • Time-based One-Time Password (TOTP): A temporary, time-sensitive code generated by an authenticator app for secure login verification.

  • Multi-Factor Authentication (MFA) Enforcement: An Enterprise Hub security policy that auto-enables Multi-Factor Authentication (MFA) for all Enterprise Hub users to strengthen account protection, prevent unauthorized access, and align with security best practices with minimal disruption.

General requirements for Enterprise Hub administrators

  • The system automatically configures MFA—either SMS or TOTP. For more, see Multi-Factor Authentication (MFA) Enforcement for Administrators.

  • Ensure that all users who need to administer MFA configurations have the Manage MFA permission enabled in the system. For more, see Grant access to User Management.

  • When the system automatically configures MFA for a user, they'll be immediately logged out and prompted to set up your organization's selected authentication methods upon logging back in.        

    Note: Make sure to inform them of this change beforehand.

  • If a user encounters issues during the verification process, they should contact their administrator for assistance. You have the ability to disable and reset MFA. For more, see Manage MFA configurations in Enterprise Hub.

SMS: Mobile Phone Verification

This method requires a valid mobile number to receive a one-time passcode by text message.

  • Ensure to add mobile phone numbers to all users who use SMS MFA.

  • Double-check that all mobile phone numbers on file are correct and accessible by the user, as this is the channel for identity verification during sign-in.

TOTP (Authenticator App)

This method uses an app on a tablet or mobile device to generate rolling codes, offering a highly secure verification factor.

  • Users can configure TOTP MFA using virtually any authenticator app on their mobile device, for example, Google Authenticator, Microsoft Authenticator, Okta, or LastPass. For more, see Set up MFA with Google or Microsoft Authenticator.

  • Users may use an existing authenticator app or download a new one from their device's app store, such as, App Store or Google Play Store.

  • This app works even if the device isn't connected to the internet or mobile data isn't available.

Setup MFA for users

There are 2 methods to set SMS or TOTP for your users:

Set MFA for an individual user account

  1. In Enterprise Hub, click User Management.

  2. In the Users section, click +Add User.

  3. Fill out user details as described in the Create users section.

  4. Go to the Multi-Factor Authentication (MFA) section and select one or both of options:        

    1. Mobile SMS: If you prefer to use SMS-based (text) verification.                

      Note: The user must have a mobile phone number saved to their profile.

    2. Authentication App: If a user doesn't have a phone number or prefers an authenticator app. User details form with highlighted multi-factor authentication options for added security.

  5. When finished, click Save.

Note: When you enable both MFA methods, users can select and set up their preferred method during login.

Enable or update MFA in bulk in Enterprise Hub

To update multiple users at once:

  1. In User Management, click Security.

  2. Select the checkbox for all users you want to enable MFA. User management interface displaying security settings and multi-factor authentication options.

  3. Click the action and select the MFA option you want to enable for the user. Dropdown menu showing options to enable or disable mobile SMS and authenticator.

The system enables MFA on the selected user account.

Note: After MFA is enabled, the system immediately logs the user out and prompts them to set up MFA on their next login.

Manage MFA configurations in Enterprise Hub

  1. In User Management, click Security.

  2. On the Security screen that opens, you can:        

    1. Search for users.

    2. Filter by MFA Type, Phone number status, or Account status.

    3. Enable MFA.

    4. Perform bulk actions.

    5. View user profile details.

    6. Edit user profiles.

    7. View MFA error logs.

    8. Lock user accounts.

    9. Reset TOTP.

    10. Disable TOTP authenticator.

View user MFA details

  1. On the Security screen, click More .

  2. Select View DetailsUser account management interface showing Multi-Factor Authentication options and details.

  3. On the drawer that opens, view or edit details.

  4. When finished, click DoneMulti-factor authentication options including Mobile SMS and Authenticator App for security.

Edit user profile

  1. On the MFA screen, click More .

  2. Select Edit. You are redirected to the user profile. User account management interface showing options for editing and viewing details.

View MFA error logs

  1. On the Security screen, click More .

  2. Select the View MFA error logs option. User account management interface showing Multi-Factor Authentication options and error logs.

  3. On the Multi-Factor Authentication Errors window that opens, you can:        

    1. Verification Init Failed

    2. SMS Service Unresponsive

    3. Verification SMS Undelivered

    4. Verification SMS Delivery Unknown

    5. Verification SMS Send Failed

    6. User Reached Verification Initialization Limit

    7. User Reached Code Sending Limit

    8. Not My Number

    9. User Code Verification Failed

    10. TOTP Verification Failed

    11. TOTP Secret Reset

    12. TOTP Account Locked

    13. TOTP Max Attempts Reached List of multi-factor authentication errors with highlighted TOTP Secret Reset option.

Lock users

  1. On the Security screen, click More .

  2. Select the Lock user account option. User account management interface showing options to lock accounts and view details.

  3. In the confirmation window that opens, click Lock Account to proceed with locking the employee or technician account, or click Cancel to dismiss the action. Confirmation prompt to lock a selected account, with options to cancel or proceed.

Reset TOTP authenticator

  1. On the Security screen, select a user.

  2. Click Actions.

  3. Select Reset AuthenticatorDropdown menu showing options to manage mobile SMS and authenticator settings.

  4. On the window that opens, click ResetConfirmation prompt to reset two-factor authentication for one user in an app.

Disable TOTP authenticator

  1. On the Security screen, select a user.

  2. Click Actions.

  3. Select Disable AuthenticatorMenu options for managing mobile SMS and authenticator settings with highlighted actions.

  4. On the window that opens, click Disable.

Want to learn more?

Related articles