.png)
Using Multi-Factor Authentication (MFA)
Multi-Factor Authentication or MFA, is a security measure implemented on all Portal users and API-integrated Partners that creates an additional layer of user verification by supplying a six-digit code to an authenticator app of your choice to verify you’re the user logging in or initiating a request/action.
Navigate to the Multi-Factor Authentication Enablement page by clicking Settings in the Admin category of the left-hand navigation panel. Then, click Multi-Factor Authentication Enablement under the Business Details section.
Note: The page does not dynamically load the entire list of all MFA-enabled users.
By using the search button 🔍 in the search bar, you can either load with no criteria to populate the entire list, or enter in a specific user you’re looking for to filter.
Enable MFA
After navigating to the Multi-Factor Authentication Enablement page, you’ll see a list of existing users in your portfolio and whether or not they have enrolled in and enabled MFA.
If you need to create an entirely new user with MFA, follow “Creating New User MFA Enablement” below.
For all existing users, skip to “Existing User MFA Enablement”.
Step 1: From the Dashboard, navigate to Users (under Management)
Step 2: Click the Add User in the upper right corner.
Step 3: After entering the desired new user info, select “Yes” from the Multi-Factor Authentication Enabled dropdown.
Step 1: From the Dashboard, navigate to Settings (under Admin).
Step 2: Click Multi-Factor Authentication Enablement.
Step 3: Select the desired user from the list by clicking the checkbox.
Step 4: Click Enable on your selected user listing.
Step 1: From the Dashboard, navigate to Users (under Management).
Step 2: Click on the desired user from the page list to be redirected to their User Profile.
Step 3: Under the User tab (This will be the name of the User) in the User Profile menu. Then, click the edit icon in the upper right-hand corner.
Step 4: Click the Multi-Factor Authentication Enabled field and select Yes from the dropdown. Then, click the check icon in the upper right corner to confirm the change.
Enroll Portal MFA in the Authenticator App
After enabling the MFA feature for the desired user, the user will be required to enroll in their preferred authenticator app (such as Microsoft/Google Authenticator, Okta Verify, or RSA SecurID) the next time they attempt to log in to the Portal.
See the screenshots of the example below for steps.
The prompt the MFA-enabled user will see upon first login.
Notification to download an Authenticator App
Recommended Authenticator Apps
See the expandable content below for a list of links and QR codes to recommended authenticator apps for MFA enrollment:
App | iOS | Android |
 Microsoft Authenticator .svg?inst-v=3128c331-54c9-40fa-9201-2d1c36ba4861) .png?inst-v=3128c331-54c9-40fa-9201-2d1c36ba4861){kind=icon} | .jpg?inst-v=3128c331-54c9-40fa-9201-2d1c36ba4861) |  |
 Google Authenticator | .jpg?inst-v=3128c331-54c9-40fa-9201-2d1c36ba4861) |  |
 Okta Verify |  |  |
 RSA SecurID | .jpg?inst-v=3128c331-54c9-40fa-9201-2d1c36ba4861) |  |
QR Code to enroll the Portal login to the preferred Authenticator App
Successful enrollment message.
Remember Me
After enrolling in MFA, and attempting an additional login to the Portal prompting for the current temporary authenticator code to be entered. Users are able to toggle a checkbox that says “Remember me for up to 30 days” to ensure that a user is not prompted to enter a temporary authenticator code for MFA the next time they login within the next 30 days.
Toggle the “Remember Me” checkbox, then enter the authenticator app code. This prevents the selection from not being saved.
Remember Me can be used by multiple devices under one account at a time.
Location Sharing - Remember Me
In order for the “Remember Me” feature to work is to ensure that users' location sharing is “Allowed” when accessing the Portal, and is not set to block the Portal.
Reset or Temporarily Disable MFA Enrollment
In situations where users leave your organization or lose their device that contains the authentication code setup required for MFA, you can disable MFA for that user to allow them to re-enroll. If and when the user is ready to re-enroll, simply re-enable their MFA enrollment and the process shown above will be prompted again for the user to set up MFA.
Note for Internal Employees
To reset or temporarily deactivate, submit a ticket here: https://payrix.atlassian.net/servicedesk/customer/portal/15/group/36/create/143
Deactivation Warning
MFA is required as part of information security and code of conduct policies. Do not attempt to deactivate MFA permanently as it may result in disciplinary action.
Step 1: In Multi-Factor Authentication Enablement, locate the desired user you wish to disable or reset.
Step 2: Click the Disable button next the the listed entry of the user you want to disable or reset.
Disable MFA User Enrollment.
Note: you can return a specific user using the search bar.
Step 3: When the user is ready, click the Enable button on the disabled user’s listing to prompt new setup for MFA enrollment.
Re-Enable MFA User Enrollment
Done. You have successfully reset the user's MFA Enrollment setup.