What is MFA
Multi-Factor Authentication (MFA) is a security method that enhances user identity verification beyond the traditional username and password combination.
Why is it important
MFA significantly reduces the risk of successful cyber attacks. Unlike just relying on a username and password, MFA adds an extra layer of security.
Usernames and passwords can be vulnerable to attacks or theft by third parties.
Why is Procurify implementing MFA
Our Multi-factor Authentication (MFA) feature enhances account security by requiring users to provide multiple forms of verification before accessing their accounts. This feature, integrated with Auth0, adds a critical layer of security beyond traditional password authentication.
Key Components:
Authentication Methods: Users authenticate using both their usual login credentials and a one-time password (OTP) generated by an authentication app such as Google Authenticator, Microsoft Authenticator, or Auth0 Guardian.
Implementation Scope:
Web Application: The MFA feature is currently available through our web application, ensuring enhanced security for web-based logins.
Domain-wide Setting: The setting is across the entire domain, ensuring uniform security protocols for all users within your domain without individual exceptions.
How to enable Multi-Factor Authentication (MFA) on your Domain
Steps:
You must have access to the ‘Manage Access’ section in Procurify to complete the setup.
Navigate to Settings -> Security and Authentication: MFA
Click on ‘Enforce MFA’
Please note that all users must enroll in the MFA authentication workflow. This is a domain-wide setting and can not be customized for individual users.
Downloading an Authenticator app will be required for all users accessing the domain once MFA is enabled.
Completing MFA Setup as a User
When prompted with a QR code during login, users can set up MFA by following these steps:
Open an authenticator app such as Google Authenticator or Microsoft Authenticator.
Select the option to add a new account, often labeled as Scan a QR Code or Add a Code.
Use the app to scan the QR code displayed on the Procurify login screen.
Enter the 6‑digit verification code generated by the app into Procurify to complete the setup. This process links your Procurify account with the authenticator app, allowing you to generate secure verification codes for future logins.
We recommend the following Authenticator apps:
Authy (Google Play / App Store).
Google Authenticator (Google Play / App Store).
Auth0 Guardian (Google Play / App Store).
Microsoft Authenticator (Google Play / App Store)
How to reset MFA for a User
Resetting MFA enrollment is necessary if a user cannot access their one-time-passkey, recovery code, or encounters issues during setup such as the QR code not displaying.
Steps:
You must have access to ‘Manage Users’ in Procurify and know the user details of the user you want to reset MFA for.
Navigate to Settings in Procurify (located in the bottom-left corner of the interface).
Select Manage Users.
Find and open the user profile of the affected individual.
In the Multi-Factor Authentication section, click on Reset Enrollment and confirm the reset.
How to Disable MFA
Steps:
Navigate to settings.
Select Security and Authentication: MFA.
Click on Deactivate MFA.