Multi-Factor Authentication (MFA) is a second login step in addition to your password. It adds an extra layer of security to protect your data. You can force all your users to add this extra security layer to their account. When this enforcement is enabled, users won’t be able to access their account without setting up MFA first, so your data is better protected. Read all about it here.


What

Teamleader Focus users can activate Multi-Factor Authentication to increase the security of their account. All admins of an account will be able to see the MFA status of the users, regardless of their pricing plan:

  • In Settings > Security, there's a list of all active users of the account
  • Next to the name of the user, their current MFA status is visible


However, admins on the BOOST and FLOW packages also have the option to enforce MFA for all users. At the top of the security page, there's a toggle to enforce MFA for all users:

  • When activated, all users who don't currently have MFA active will immediately see a site-wide banner notifying them about the upcoming enforcement.
  • Users without active MFA will be logged out at midnight that day and will be required to set up MFA the next time they log in.
  • When MFA is enforced for the account, users can no longer deactivate it themselves in their profile settings.
  • When you downgrade to a smaller package (this includes the end of a package trial), the enforcement will be turned off for all users of your account. For users who have activated MFA in the meantime, MFA will remain active, but they can deactivate it themselves again via their profile page.
  • If MFA enforcement is activated for the whole account, an admin can choose to disable MFA for a certain user, for example if they've got a new phone and can't log in to their account anymore.
    • Simply click on the shield icon next to the MFA status of a user in Settings > Security.
    • Afterwards an admin can enforce MFA again.
    • Similarly, the admin can also enable MFA enforcement for previously deactivated users. In that case, if the user hasn’t activated MFA yet, they will be logged out immediately and required to set up MFA to log in again.