Multi-Factor Authentication (MFA) FAQ

General MFA information

What permission is required to manage MFA settings?

To manage MFA settings, you must enable the Allow manage MFA permission in your profile. Go to Settings > People > Employees, edit your profile, select the Permissions tab, enable Allow manage MFA, and save your changes. For more, see Enable Multi-Factor Authentication for identity services.

What is the correct way to enable MFA for multiple users?

To avoid login failures, enable MFA separately for office employees and technicians.

Go to Settings > Security > MFA.
Select and enable all office employees as a group.
Select and enable all technicians as a separate group.

Note: If a user has both an office employee and a technician profile, MFA must be enabled separately for each profile type. The same mobile phone number must be listed in both profiles.

Why am I required to add a phone number when creating a new employee if MFA is not enabled?

The system requires a valid mobile phone number in employee profiles even when MFA is not active. This is a prerequisite for potential future MFA activation. Ensure you have the Allow Manage MFA permission to bypass this requirement or to disable the MFA toggle during account creation.

Can I test MFA in the Next and Practice environments?

Yes, you can. We recommend testing MFA for your administrator accounts before enabling it in the Go environment.

Does MFA support international phone numbers?

No, MFA currently supports only domestic phone numbers from the USA, Canada, and Australia. Phone numbers must follow the formatting standards for these countries. For employees with international phone numbers, contact your success manager.

Which phone number is used for MFA?

The mobile phone number in the employee or technician profile is used for MFA.

How many login attempts are allowed before lockout?

Employees are locked out after five unsuccessful login attempts.

What triggers an MFA cooldown period?

A cooldown starts after 10 consecutive SMS code requests without successful verification.

How long is the MFA cooldown period?

The cooldown lasts one hour. If another verification is initiated during this time, the cooldown resets for another hour.

When does the Session Timeout screen appear?

It appears when:

You enter your password and reach the code entry screen.
You receive the code but take no action for 30 minutes.
After timeout, entering the code redirects you to an error page.

Are employees notified by email when the administrator enables MFA?

No, employees do not receive an email when MFA is enabled by an administrator.

Can you make MFA mandatory for all employees?

No, you can't. Contact your technical support to lock MFA for all employees.

When and where can I access my recovery codes, and who can see them?

You only see your recovery codes the first time you log in. Be sure to save them in a secure location, as you need a code if you lose access to your mobile device. Recovery codes are provided only to employees with an Administrator role.

TOTP information

What's the difference between the SMS and TOTP MFA methods?

SMS sends a verification code to the mobile phone number on your profile, while TOTP uses an authentication app, such as Google Authenticator, Authy, and more to generate a temporary code. Both add account security, but TOTP is generally more secure and does not depend on SMS delivery.

How do I reset a user's TOTP?

Administrators can reset TOTP in two ways:

From MFA settings: Go to Settings > Security > MFA, click More next to the user, select Reset TOTP, then confirm.
From employee profile: Go to Settings > People > Employees, edit the employee profile, open Multi-Factor Authentication, click More > Reset TOTP, then confirm.

After reset, the user must set up their authentication app again at login.

When do I need to reset TOTP for a user?

You should reset TOTP when a user loses access to a mobile device or the authenticator app and needs to set it again. After you reset TOTP, the user is prompted to scan a new QR code to reconfigure their authenticator app.

Do I need a phone number to use TOTP MFA?

No, you don't need a phone number.

What Authenticator App can I use for TOTP MFA?

You can use Google or Microsoft Authenticator apps. For more, see Set up MFA with Google or Microsoft Authenticator.

Can different users use different Authenticator Apps for TOTP MFA?

Yes, each user can select which authenticator app to use.

What kind of devices are required for the TOTP authenticator app?

An authenticator app can be used on a mobile device or tablet. Most laptops do not support authenticator apps.

Is connectivity, such as internet or mobile data, required to use an authenticator app?

No, after the initial setup of the authenticator app, it no longer requires a connection to receive codes.

Troubleshooting

Why can't users log in after MFA is enabled?

Browser cache issues: Have the user clear their browser cache and cookies, or try using an incognito window.
Outdated mobile app: Users must have the latest version of the ServiceTitan Field Mobile App. The old app does not support MFA.
Incorrect credentials: Users must enter their username, not their email address, when logging in.
Account lock: After 10 unsuccessful login attempts, the account will automatically be locked for security reasons.
Account cooldown: If users receive a login error, have them wait for the cooldown period to expire before trying again.

If a user receives codes but still gets a Login Failed error, have them uninstall and reinstall the mobile app, clear saved passwords, and disable any remember me features.

Why doesn't password reset work when MFA is enabled?

If a user cannot receive MFA codes, you must temporarily disable MFA for them, complete the password reset, and then re-enable MFA after they have logged in successfully. Setting a temporary password while MFA is active may cause login issues.

What should I do if MFA codes are not being sent or are delayed?

Phone number provisioning: New numbers can take up to some time to become active in our system.
SMS service delays: There may be temporary service issues or outages.
Incorrect phone number format: Verify the number is correctly formatted in the user's profile. To troubleshoot, check the MFA error logs by going to Settings > Security > MFA > More > View MFA error logs. If delays continue for more than 24 hours, Contact ServiceTitan technical support.

What do specific MFA error messages mean?

MFA Mobile Number is incorrect. Contact your administrator: The phone number in the user's profile doesn't match the number receiving the codes, or the number is incorrectly formatted.
Your account is in a cooldown period: Too many failed verification attempts occurred; you must wait one hour before trying again.
Value is required when MFA is enabled: Indicates a missing Allow Manage MFA permission.
Activity Id: 00-[string]: This is a system authentication error. Try reinstalling the app or clearing your browser cache.

For more, see Resolve and manage MFA errors.

Are there browser or device requirements for MFA?

MFA works best with the latest version of Google Chrome. If you experience issues, clear your browser's cache and cookies, or try using an incognito window. On mobile devices, ensure the ServiceTitan Field Mobile App is updated to the latest version.

What happens if I replace my device, will I be locked out of my account?

You will not be locked out. We have safeguards in place for device loss or replacement, depending on the authentication method you use:

For SMS: Since the code is linked to your phone number, you will immediately start receiving SMS codes on your new phone.
For Authenticator App (TOTP): If you use an authenticator app, such as Google or Microsoft Authenticator, that supports cloud backup, you can restore your tokens to your new device simply by logging into that app.
Recovery and Admin Control: If you can't restore your authenticator app, or if you change your phone number, your administrator has the ability to easily disable or reset your MFA setup from the user profile. This allows you to regain access and re-enroll your new device.

Common issues and quick solutions

Can't create a new employee account?

You need the Allow Manage MFA permission.

Phone number is already in use?

This can happen if a number is assigned to an active or inactive account. Contact ServiceTitan technical support to have the number cleared from the system.

Users can't log in after MFA is enabled?

Check if you followed the bulk enablement process correctly. Clear the browser cache, ensure the mobile app is up to date, and have users enter their username instead of their email.

Codes are not being received or are delayed?

Verify the phone number format, check the MFA error logs, and remember that new numbers can take up to some time to become active.

Settings - FAQ

Password and sign-in policy

How do I know if my office employees or technicians have not verified their account?

Go to Settings > People > Employees or Technicians. In the table, the Status column shows the sign-in status of the office employee or technician. A status of Pending indicates that an account invite has been sent out but the individual has not signed in and verified their account.

What do I need to do if my existing employees or technicians have not verified their account?

Go to Settings > People > Employees or Technicians. Unverified accounts have Pending status. Click Edit to view their profile. Make sure that:

Office employees have a unique email address
Technicians have a unique email address or mobile phone number

You can also send a password reset email so unverified individuals are prompted to sign in and set their passwords.

From the Employees or Technicians screen, select those with Pending status.
Click the Actions dropdown and select Send Password Reset.
Click Send to confirm.

How can an employee or technician complete their account verification?

From the ServiceTitan or ServiceTitan Mobile sign-in screen, click Forgot Password. Follow the password reset process, which includes account verification. For more, see Reset password.

Note: When you reset your password, the system will log you out from ServiceTitan Mobile and make you enter your new password. This process ensures that you're logged in with the correct credentials in ServiceTitan Mobile.

Can technician and office employee profiles use the same email and mobile phone number?

One email address can be associated with both a single user and a single tech. One email address cannot, however, be associated with multiple users or multiple techs.

The same rule applies to a mobile phone number: one phone number can be associated with both a single user and a single tech, but one email address cannot be associated with multiple users or multiple techs. For best practices, we recommend:

Usernames are not identical (for example: Office username - "John_Office", technician username - "John_ tech")
Leveraging separate email addresses (for example: Office user email - "ElroyJohns@gmail.com, technician email - "Elroy_Johns@gmail.com)
Unique passwords for each log in type (for example: Password vs. Password987)

Does the ServiceTitan sign-in policy affect Partner Portal users who use the same email address?

No. You can use the same email address with your Partner Portal account as your ServiceTitan account.

Can I use the same email and phone number with profiles in different ServiceTitan company accounts?

Yes. One email address can be associated with users and techs across company accounts.

However, once that email is associated with a user in one company account, it cannot be associated with other users in the same company account. Likewise, once it's associated with one tech, it can't be associated with other techs within the same company account.

The same rule applies to a mobile phone number.

Can a technician use their mobile number if they don't have an email address?

Yes. A technician is required to have either an email address or a mobile number in their profile. If a technician only has a mobile number, they can go through account verification and reset their password using their mobile number.

How do I disable dispatch email notifications to technicians?

Technician profiles require either a unique email or a unique mobile number. If a technician only has an email address in their profile, they are only sent email dispatch notifications. If a technician has both a mobile number and an email address in their profile, they are sent both text message and email dispatch notifications.

You can configure your account to:

Disable notifications if a technician self dispatches
Disable all email notifications to technicians

To configure your account, contact your success or implementation manager.

What are the password requirements?

All passwords must meet the following requirements:

10 characters (alpha-numeric, including symbols)
At least one uppercase and one lowercase letter (A-Z, a-z)
At least one digit (0-9)
Must not use a frequently used password. For example, common passwords like password123, 123456, and hunter2 are not allowed.

A banner is telling me that I need to change my password. Do I have to change it right away?

After first seeing the banner, you have 30 days to change your password. Frequent password changes lock out potential attackers, reducing their time to steal data or sell your password. Restricting unlimited access to outside threats is a critical component in the security of your information.

You will be locked out of your account if you don't change your password within 30 days of being notified of the request. If this happens, your ServiceTitan administrator can reset your password so you can sign in to ServiceTitan and create a new one.

Can I reuse passwords?

Your password cannot be the same as any of your previous five passwords.

How does ServiceTitan know if a password is commonly used?

New passwords are checked against a list of commonly used and compromised passwords. If your password appears on the list, you're prompted to enter a new one.

How often do I have to update my password?

Office employees and technicians are required to update their password annually (365 days after the last update).

If an employee or technician is terminated or resigns, how quickly can passwords be changed?

Password changes take effect immediately. If an employee or technician is terminated, an administrator can set a temporary password, sign in with that password, and create a new password. Make sure to update the profile email address and mobile phone number to prevent unauthorized password resets from the sign-in screen.

You can also deactivate an employee or technician account to disable ServiceTitan access.

Note: For technicians, make sure to deselect Enable Mobile Access in their profile in case the technician is assigned to an open job.

How does an employee or technician retrieve their password if they forget it?

If an employee or technician forgets their password, they can go to the sign-in screen and click Forgot Password?. This enables them to reset their password and sign in using the new password.

Who can update passwords if an employee or technician can't sign in?

An administrator--or any employee with the Edit another user's username and password permission enabled--can send a password reset email or set a temporary password in ServiceTitan. No need to call ServiceTitan.

To manage permissions, visit Set permissions for an individual employee or technician.

What do the Status columns on the Employees and Technicians screens mean?

If you go to Settings > People > Employees or Technicians, the table of account profiles includes the Status column. Statuses include:

No User Account: user created but Account Creation Method is blank (no invitation sent and no password assigned)
Pending: Invitation sent but account not created
Accepted: Account created from invitation but not yet signed in
Admin Assigned: Username and password set by administrator
Never Logged In: Existing user has not yet signed in
Date: Date of most recent sign-in

For more, see Add and edit employee or technician profiles.

What if an employee sees a blank white screen after logging in?

Problem

You are able to log in to ServiceTitan as an employee, but after entering your credentials, the page that loads is a blank white screen.

Solution

Google Chrome uses something called a "cache" to make pages load more quickly. This works by saving pages you access frequently so that your computer doesn't have to download them every time you visit a specific website.

Although this usually makes your ServiceTitan experience better, if you're experiencing any trouble, clearing your cache is a good place to start because it forces your computer to re-download your frequently accessed page resources.

To clear your cache:

Go to your Chrome browser and select More next to your avatar.
Select Settings.
From the Settings tab that opens, click Privacy and security.
Select Clear browsing data under the Privacy and Security section.
On the Clear browsing data pop-up, check the box next to Cached images and files and make sure you have All time selected in the Time range dropdown.
Click Clear data.
Note: Clearing your cache won't delete any of your saved passwords.

Before you reattempt to log in to ServiceTitan, you also need to complete a "hard refresh."

To perform a hard refresh, complete the following on your keyboard:

Mac: Hold down ⌘ Cmd and ⇧ Shift and then press R.
Windows: Hold down Ctrl and ⇧ Shift and then press R.

When you have finished clearing your cache and performing a hard refresh, return to ServiceTitan and log in again.

If you are still experiencing issues after completing this process, please contact Technical Support.

Can I view a password as an Administrator?

For information security purposes, nobody can view anyone else's password, not Admin or even anyone at ServiceTitan. If a password is forgotten, a password reset needs to be completed.

What is the process for changing a username on ServiceTitan, and who should be contacted to make the change?

Only administrators can change usernames. If you don't know who your administrator is, go to Settings > Employees in ServiceTitan. Anyone with an Admin role should be able to assist you.

To change the username:

Go to the top toolbar and click Settings .
In the side panel, go to People > Employees.
Click Edit for the employee whose username needs to be changed.
Update the username.
Click Save Changes.

For more, see Add and manage office employee profiles.

What should I do if I forget my username?

Click Forgot Password? on the login screen. The password reset email you receive includes your username.

Why am I seeing a Username already exists message when creating an account?

The system checks all ServiceTitan accounts for unique usernames. If you see the Username already exists message, select a different one.

How can I access the ServiceTitan office side on my mobile device/ iPad?

You should use a web browser to access the ServiceTitan office side on your mobile device or iPad.

To access it:

Download Google Chrome from the App Store/Google Play Store on your mobile device/ iPad.
Note: Only use Chrome as it's the best supported browser for ServiceTitan.
Open Google Chrome browser.
Go to go.servicetitan.com.
Enter your office side credentials: username and password.
Log in to access the office side of ServiceTitan.

Caution: It's not recommended to log into the ServiceTitan office side from your mobile device/ iPad. To use ServiceTitan to its potential, use your computer browser.

Business Units

How can I edit the PDF version of an invoice?

The invoice PDF depends on the Business Units (BU). To edit the PDF version of an invoice:

Go to Settings .
In the side panel, click Operations > Business Units.
Locate the BU for the invoice and click Edit.
Make changes to the Invoice Header and Invoice Message as needed.
When finished, click Save.

Can business units be duplicated?

No, you need to manually create a new business unit and fill in the details matching the business unit you wanted to duplicate.

Operations

How do I apply new zones to locations?

You can automatically assign locations to zones based on their zip codes.

Go to Settings in the top toolbar.
Go to Operations > Zones.
Click Set Zones.
The system automatically assigns locations to the zones based on their zip codes.

Settings FAQ