Enable Multi-Factor Authentication for Identity Services

  • Updated on Apr 20, 2026
  • Published on Feb 25, 2026
  • 6 minute(s) read
Prev Next

Overview

Use Multi-Factor Authentication (MFA) with Time-based One-Time Password (TOTP) or SMS verification to enhance security. Configure MFA on an employee or technician or role basis to reduce breach risks and strengthen account protection.

Who uses this feature

  • Administrators

  • Applies to all business types

  • Applies to all trades

Feature configuration

  • Account configuration is required to use this feature. Please contact Technical Support for details.

Glossary

  • Multi-Factor Authentication (MFA): A security method that requires you to verify your identity using two or more authentication factors, for example, password or code.

  • Short Message Service (SMS): A text messaging service used to send verification codes or notifications to mobile devices.

  • Time-based One-Time Password (TOTP): A temporary, time-sensitive code generated by an authenticator app for secure login verification.

  • Multi-Factor Authentication (MFA) Enforcement: A ServiceTitan security policy that auto-enables Multi-Factor Authentication (MFA) for all administrators to strengthen account protection, prevent unauthorized access, and align with security best practices with minimal disruption.

General Requirements for Administrators

  • All administrators are required to have an MFA factor configured—either SMS or TOTP. Administrators who do not already have an MFA factor set up will be prompted to configure TOTP during their next sign-in. For more, see Multi-Factor Authentication (MFA) Enforcement for Administrators.

  • Ensure that all employees or technicians who need to administer MFA configurations have the necessary permissions enabled in the system. For more, see Enable MFA Permissions.

  • Organizations can enable one or both authentication methods, SMS or TOTP, for their employees.

  • When you enable MFA for an employee or technician, they'll be immediately logged out and prompted to set up your organization's selected authentication methods upon logging back in.        

    Note: Make sure to inform them of this change beforehand.

  • If an employee encounters issues during the verification process, the employee should contact their administrator for assistance. You have the ability to disable and reset MFA. For more, see Manage MFA configurations.

  • You can use the Privileged column and filter on the Security > MFA screen to quickly identify employees with high-risk permissions and ensure MFA is enabled before enforcement. MFA settings page displaying user details and privileged access status for employees.

SMS: Mobile Phone Verification

This method requires a valid mobile number to receive a one-time passcode by text message. For steps to add a mobile phone number, see Step 5 in Add an office employee profile or Add a technician profile.

  • Make sure to add mobile phone numbers to all employees or technicians who use SMS MFA.

  • Double-check that all mobile phone numbers are correct and accessible by the employee or technician, as this is the channel for identity verification during sign-in.

TOTP (Authenticator App)

This method uses an app on a tablet or mobile device to generate rolling codes, offering a highly secure verification factor.

  • Employees can configure TOTP MFA using virtually any authenticator app on their mobile device, for example, Google Authenticator, Microsoft Authenticator, Okta, or LastPass. For more, see Set up MFA with Google or Microsoft Authenticator.

  • Employees or technicians may use an existing authenticator app or download a new one from their device's app store, such as the App Store or Google Play Store.

  • These apps work even if the device isn't connected to the internet or mobile data isn't available.

Enable MFA Permissions

Employees with the Administrator role automatically have the permission to manage MFA.

Tip: We recommend configuring MFA permissions only for employees with the Administrator role. For other employees, the Administrator must manually enable MFA permissions from the Permissions screen.

To do that:

  1. Go to the top toolbar and click SettingsA simple icon representing a settings gear..

  2. In the side panel, go to People > Employees.

  3. Under Employees, click Add or Edit for the employee whose permissions you want to set.

  4. Click Permissions.

  5. In the Security section, select one of the three permissions:        

    1. View MFA

    2. Edit MFA

    3. Receive Mobile Change Notification

    4. Receive Incorrect Mobile NotificationEmployee permissions settings with highlighted options for MFA notifications and editing.

  6. When finished, click Save.

Set up MFA for employees and technicians

There are 2 methods to set SMS or TOTP for your employees and technicians:

Set MFA for an individual employee account

  1. Go to the top toolbar and click SettingsA simple icon representing a settings gear..

  2. In the side panel, go to People > Employees.

  3. Under Employees, click Add or Edit for the employee whose permissions you want to set.

  4. Click Profile.

  5. Go to the Multi-Factor Authentication (MFA) section and select the Enable Two-Factor Authentication option.

  6. Select one or both of options:        

    1. Mobile SMS: If you prefer to use SMS-based (text) verification.                

      Note: The employee must have a mobile phone number saved to their profile.

    2. Authentication App (TOTP): If an employee doesn't have a phone number or prefers an authenticator app. Settings for enabling Multi-Factor Authentication with options for SMS and authentication app.

  7. When finished, click Save.

Note: When you enable both MFA methods, employees can select and set up their preferred method during login.

Reset TOTP on the employee account

  1. Go to the top toolbar and click Settings A simple icon representing a settings gear..

  2. In the side panel, go to People > Employees.

  3. Under Employees, click Add or Edit for the employee whose permissions you want to set.

  4. Click Profile.

  5. On the Multi-Factor Authentication (MFA) screen, click More.

  6. Select Reset TOTPSettings for enabling Multi-Factor Authentication with options for SMS and authentication app.

  7. On the confirmation window that opens, click ResetConfirmation dialog asking to reset TOTP for the user with cancel and reset options.

Set MFA for an individual technician account

  1. Go to the top toolbar and click Settings A simple icon representing a settings gear..

  2. In the side panel, go to People > Technicians.

  3. Under Technicians, click Add or Edit for the technician whose permissions you want to set.

  4. Click Profile.

  5. Go to the Multi-Factor Authentication (MFA) section and select the Enable Two-Factor Authentication option.

  6. Select one or both of options:        

    1. Mobile SMS: If you prefer to use SMS-based (text) verification.                

      Note: The technician must have a mobile phone number saved to their profile.

    2. Authentication App (TOTP): If a technician doesn't have a phone number or prefers an authenticator app. Settings for Multi-Factor Authentication with options for SMS and Authentication App.

  7. When finished, click Save.

Enable or update MFA in bulk

To update multiple employees or technicians at once:

  1. Go to the top toolbar and click Settings A simple icon representing a settings gear..

  2. In the side panel, go to Security > MFA.

  3. Select the checkbox for all employees or technicians you want to enable MFA. MFA settings table displaying user profiles, statuses, and multi-factor authentication options.

  4. Click the action and select the MFA option you want to enable for the employee or technician. Dropdown menu showing options to enable or disable MFA and SMS settings.

The system enables MFA on the selected employee or technician account.

Note: After MFA is enabled, the system immediately logs the employee or technician out and prompts them to set up MFA on their next login.

Manage MFA configurations

  1. Go to the top toolbar and click Settings A simple icon representing a settings gear..

  2. In the side panel, go to Security > MFA.

  3. On the MFA screen that opens, you can:        

    1. Search for employees and technicians.

    2. Filter by Phone Number, MFA, and User Type.

    3. Enable MFA.

    4. Perform bulk actions.

    5. Filter the Name, User Type, Username, Email, Phone Number, User Status, Privileged and MFA columns.

    6. View employee or technician MFA details.

    7. Edit employee or technician profile.

    8. Reset TOTP.

MFA settings page displaying user accounts and their authentication statuses.

For more on locking employee or technician accounts, viewing MFA error messages, and using recovery codes, see Resolve and manage MFA errors.

View employee or technician MFA details

  1. On the MFA screen, click More .

  2. Select View DetailsMFA settings page showing user details and options for account security configuration.

  3. On the drawer that opens, view or edit details. User details view with options for enabling MFA and selecting authentication methods.

  4. When finished, click Save.

Edit employee or technician profile

  1. On the MFA screen, click More .

  2. Select Edit Profile. You are redirected to the employee profile. MFA settings page showing user profiles and options for account security configuration.

Reset TOTP

There are two ways to reset TOTP:

Option 1:

  1. On the MFA screen, click More .

  2. Select Reset TOTPUser management interface for Multi-Factor Authentication settings and options.

  3. On the window that opens, click Reset.

Option 2: Please check the Reset TOTP on the employee account section for more details.

To learn about MFA error logs and system errors, see Resolve and manage MFA errors.

Want to learn more?

Related articles
  • Multi-Factor Authentication (MFA) FAQ
    Product Areas > Settings > Multi-Factor Authentication (MFA)Enforcement for Administrators > Multi-Factor Authentication (MFA)Enforcement for Administrators > FAQ MFA