Multi-Factor Authentication (MFA) provides enhanced security when using ActiveDisclosure. MFA creates multiple layers of security to help increase the confidence that the user requesting access is who they claim to be. Follow the directions below for a one-time setup of the MFA.

The process outlined below is for all Non-SSO users and those SSO users whose company policy does not require MFA within their system.

For SSO users whose company policy requires MFA within your company’s system, you will complete MFA using your company’s standard methods.

Auth0 Guardian app setup

During the setup of your account to facilitate the Multi-Factor Authentication, you will be asked to download the Auth0 Guardian app to your mobile device, you can download it from the app store for your mobile device. The steps below will outline the process using both your computer and your mobile device.

1. Click the link in your welcome email, it will bring you to this Change Password window. Enter your new password, confirm your new password, and click the purple circle with an arrow to continue.
   
2. Now we will setup your MFA. The Secure Your Account window, will prompt you to download the Auth0 Guardian app to your mobile device.
   1. Search either the App Store or Google Play on your mobile device for the Auth0 Guardian app and download/install the app.
   2. Once downloaded, click Continue.
      Note: you can also click Try another method if you would like to use another Authorization method. To try another method, see the steps outlined in the Google Authenticator or Similar Setup or SMS Option Setup sections below.
      
3. Next, the system will create a QR code that you will need to scan in the Auth0 app on your mobile device. To do this, on your mobile device, open the Auth0 Guardian app and click the plus sign. It will ask you to point the camera at the custom generated QR code on your computer.
   
4. Once the mobile device registers your custom QR code, back on your computer, the system will generate a recovery code for you.  Copy the code and save it in a safe place (this code will help you login should you ever forget your mobile device) Once you have recorded the recovery code, check the checkbox and click Continue.
   
5. At this screen is where a push notification will be sent to your mobile device.  Note:  You have an option to remember the device you are using for 30 days. Click the checkbox to confirm.
   
6. Approve the sign-in on your mobile device and you're done! You will directed to The ActiveDisclosure Site.
7. In subsequent logins, once you enter your username and password and click Continue, you will automatically receive a push notification to your mobile device.  Open the notification and Approve the sign-in in the Auth0 Guardian app. You will be redirected to your ActiveDisclosure Site.

Google Authenticator app or similar setup

Use this process when you are unable to download the Auth0 Guardian app or would prefer to use the Google Authenticator app or something similar.

During the setup of your account to facilitate the Multi-Factor Authentication, you will be asked to download a Multi-Factor Authentication app to your mobile device. The steps below will outline the process using both your computer and your mobile device.

1. Click the link in your welcome email, it will bring you to this Change Password window. Enter your new password, confirm your new password, and click the purple circle with an arrow to continue.
   
2. Now we will setup your MFA. The Secure Your Account window, will prompt you to download the Auth0 Guardian app to your mobile device. Instead, click the Try another method.
   
3. In the Other Methods window, click the Google Authenticator or similar option.
   
4. Next, the system will create a QR code that you will need to scan in the Authenticator app on your mobile device once you have downloaded the app.
   
5. On your mobile device, search for Authenticator or Authenticator app. There are many options for Authenticator apps. Here are a few we suggest:
   
6. Once you have downloaded an Authenticator app, open the app on your mobile device and follow the prompts in the app. When it prompts you for a QR code, point your phone’s camera at the custom QR code on your computer screen. The app will recognize the QR code and provide you with a passcode. Type in the code and click Continue.
   
7. Once the mobile device registers your custom QR code, back on your computer, the system will generate a recovery code for you.  Copy the code and save it in a safe place (this code will help you login should you ever forget your mobile device) Once you have recorded the recovery code, check the check box and click Continue.
   
8. A push notification will be sent to your mobile device. Your authenticator app will generate another code. Enter the code from your app into the Verify Your Identity window, click Continue, and you are done!
   
9. In subsequent logins, once you enter your username and password and click Continue, you will automatically receive a push notification to your mobile device.  Open the notification and Approve the sign-in in your chosen Authenticator app. You will be re-directed to your ActiveDisclosure Site.

SMS option setup

Use this process when you are unable to download the Auth0 Guardian app or would prefer to use the SMS Text Messaging for your Multi-Factor Authentication method.

1. Click the link in your welcome email, it will bring you to this Change Password window. Enter your new password, confirm your new password, and click the purple circle with an arrow to continue.
   
2. Now we will setup your MFA. The Secure Your Account window, will prompt you to download the Auth0 Guardian app to your mobile device. Instead, click the Try another method.
   
3. In the Other Methods window, click the SMS option.
   
4. In the Secure Your Account window, enter your country code and your area code and phone number. Click Continue.
   
5. Once you have registered your phone number, the system will generate a recovery code for you.  Copy the code and save it in a safe place (this code will help you login should you ever forget your mobile device). Once you have recorded the recovery code, check the check box and click Continue.
   
6. A text message notification will be sent to your mobile device. Enter the 6-digit code from the text message into the Verify Your Identity window, click Continue, and you are done! Note: if you didn't receive a code, double check your phone number is correct, and click the Resend under the Continue button. If the number you entered is incorrect, click the Edit button next to the number to edit.
   
7. In subsequent logins, once you enter your username and password and click Continue, you will automatically receive a new 6-digit code via text message.  Enter that code in the Verify Your Identity window and click Continue. You will be re-directed to your ActiveDisclosure Site.

Email as a secondary factor

Once you have successfully setup a primary MFA method as described above, you can also use email as a secondary factor for times that you have can not access your mobile device. The process below will work for all primary MFA methods, Auth0 app, Google Authenticator or Similar, or SMS.

1. Log in to ActiveDisclosure by entering your email address and click Continue. Then enter your password and click Continue.
2. In the Verify Your Identity window, click Try another Method.
3. In the Other Methods window, click Email.
   
4. Once you click Email, the system will automatically send you an email with a code.
5. Enter that code into the Verify Your Identity window and click Continue.
   
6. You will now be logged into your site.

Recovery codes

Once you have successfully setup your primary MFA method as described above, you can use the recovery code you saved during the setup process as a secondary factor for times that you can not access your mobile device. The process below will work for all primary MFA methods, Auth0 app, Google Authenticator or similar, or SMS.

1. Log in to ActiveDisclosure by entering your email address and click Continue. Then enter your password and click Continue.
2. In the Verify Your Identity window, click Try another Method.
3. In the Other Methods window, click Recovery code.
   
4. Locate the recovery code you saved in the initial MFA setup process. Enter your recovery code into the Verify Your Identity window and click Continue.
   
5. The system will automatically generate a new recovery code for the next time. Copy the code and save it in a safe place (this code will help you login should you ever forget your mobile device) Once you have recorded the recovery code, check the checkbox and click Continue.
   
6. You will now be logged into your site.

MFA is automatically disabled after 60 days of non-use. To re-enable access, click the Forgot password link on the sign in screen.

Reset your MFA

When you need to reset your MFA—such as when replacing a phone that is linked to your MFA—you will need to contact ActiveDisclosure Support and request an MFA reset. After the MFA is reset, you can download the desired MFA app and complete the MFA setup on your new phone. When complete with the setup you will then be able to log into ActiveDisclosure using your new phone. See Using the Knowledge Hub and Support Center for support contact methods.

Need assistance?

See Using the Knowledge Hub and Support Center.