Search

Multi Factor Authentication (MFA) for ARC Members

We’re introducing Multi-Factor Authentication (MFA) to provide stronger security for your ARC account. MFA adds an extra layer of protection by requiring a second verification method in addition to your password.

MFA is provided through Azure B2C authentication and supports the following options:

  • TOTP (Time-based One-Time Password): Use an authenticator app such as Microsoft Authenticator, Google Authenticator, or Authy.

  • Email Verification: Receive a one-time code in your registered email inbox.

Step 1: Admin enables MFA for each user

Before a user can set up MFA, an Admin must enable MFA for that individual account.

  1. Log in as an Admin to the enableHR portal.

  2. Go to Settings > Usernames and Passwords .

  3. Select the user you want to enable MFA for.

  4. Enable Multi-Factor Authentication field.

  5. Save your changes.

Once enabled, that user will be required to configure MFA at their next login.

User Settings Screen

Step 2: User sets up MFA at first login

When MFA is enabled for a user, they will be prompted to choose their preferred method:

Option A: TOTP (Authenticator App)

  1. At login, select Use an Authenticator App.

  2. Scan the QR code with your preferred authenticator app (e.g., Microsoft Authenticator, Google Authenticator).

3. Enter the 6-digit verification code from the app to complete setup.

Option B: Email Verification

  1. At login, select Use Email Verification.

  2. A one-time code will be sent to your registered email address.

3. Verify your email for the One time code

4. Enter the code into the login screen to complete setup.

Step 3: Logging in with MFA

Once setup is complete, every login will require:

  1. Your enableHR username and password.

  2. A second verification step (Authenticator app code or email code, depending on your choice).

Stay logged in option:
When logging in, you may see the option “Stay logged in?”. If selected, your login and MFA details will be remembered for 30 days on that device/browser. After 30 days, you will be prompted to sign in and complete MFA again.

FAQs

Q: Can I change my MFA method after setup?
No. Once you have set up MFA, you cannot change your method directly. If you need to switch methods (e.g., from email to authenticator app), an Admin must reset your MFA settings.

Q: What if I lose access to my MFA method?
If you lose access to your authenticator app or registered email, please contact your Admin. They can reset your MFA so you can reconfigure it at your next login.

Q: Can Admins enable MFA for multiple users at once?
Currently, MFA must be enabled individually for each user.

Q: Will I need to complete MFA every time I log in?
Yes, unless you select “Stay logged in?”. If chosen, your login and MFA will be remembered for 30 days on that device/browser.

Tip: We recommend using an authenticator app (TOTP) as it provides the strongest security.

Related to