Multi-factor authentication (MFA)
Workflow86 supports authenticator app MFA (TOTP) for user logins.
What this does
- Adds a second verification step at sign in (6-digit code from an authenticator app).
- Supports per-user MFA setup and verification.
- Supports organization-level MFA enforcement for all users in an organization.
Turn on MFA enforcement for your organization
Users with permission to manage security policies can enforce MFA for the whole organization.
- Open Profile.
- Go to the Security section.
- Enable MFA enforcement.
When enforcement is enabled, users who do not already have MFA configured are required to complete setup during sign in before they can access the app.
Set up MFA for your own account
Any user can set up MFA for their own account:
- Open Profile.
- In Security, click Set up authenticator app.
- Scan the QR code with an authenticator app (for example Google Authenticator, 1Password, Microsoft Authenticator, or Authy).
- Enter the 6-digit code to verify setup.
After setup is verified, future sign-ins require a 6-digit code from your authenticator app.
Sign-in behavior
- If MFA is not required and not configured, users sign in with username/password only.
- If MFA is configured for a user, sign in prompts for the 6-digit authenticator code.
- If organization MFA enforcement is enabled, users without MFA are routed through setup during sign in.
Disabling MFA
- Users can disable their own MFA from Profile > Security only when organization enforcement is off.
- When enforcement is on, users cannot disable MFA.
Troubleshooting
- Code rejected: Check the device clock on your phone and desktop; TOTP is time-sensitive.
- No QR code: Retry setup from Profile. If it still fails, contact your organization administrator.
- Lost authenticator device: Contact your organization administrator or Workflow86 support to recover account access.