Set up multi-factor authentication
Multi-factor authentication (MFA) is a security process that requires you to provide two or more pieces of evidence to verify your identity before accessing your emnify account. These pieces of evidence (also known as factors) are typically numeric codes that are either sent to an email address or phone number by the emnify system or provided by a third-party authenticator app.
MFA enhances security by adding an extra layer of protection that makes it more difficult for unauthorized individuals to access your account. Even if someone knows your password (the first factor), they would still need access to your second factor (for example, your phone or email account) to successfully log in.
MFA is sometimes called two-factor authentication (2FA) and has historically been at emnify.
MFA will be mandatory for all emnify Portal accounts as of March 2024 to proactively safeguard our IoT ecosystem and meet regulatory security compliance. For more information, see the MFA FAQ in the emnify Knowledge Base.
Supported methods
emnify supports the following MFA methods:
- Email-based MFA (default method when enforced)
A one-time code or an authentication link is sent to the email address associated with the account. - Time-based one-time password (TOTP) MFA (configured in the Portal)
One-time codes are generated using a third-party authenticator app (for example, Google Authenticator) and entered during the login process.
As soon as one of these methods is enabled, you'll need to enter a one-time code to verify your identity if you log in to the Portal on a device you haven't set as trusted, use a different browser, or change your password.
Mandatory enforcement
Existing accounts
This process is only required if you haven't enabled MFA for your account. Configure TOTP MFA in the Portal before it becomes mandatory to avoid any potential disruptions to your workflow.
Once MFA becomes mandatory for you, follow these steps to access your account:
-
Log in to your emnify account with your email and password as usual.
-
Navigate to the email account you use to access the Portal. Open the message from emnify with your 6-digit verification code. The code is valid for 20 minutes and should contain letters and numbers.
tipCheck your spam folder if you haven't received a code after a few minutes.
-
Go back to the Portal. Enter the code and click Verify code to verify your identity.
Need help verifying your identity?
You may have issues verifying your identity once MFA becomes mandatory.
Here are a few common error messages and what to do if you see them:
This code is invalid, please try again.- Re-enter your code and click Verify code again.
- Wait at least five minutes, and then click Resend. Enter the new verification code once you've received it.
- Still having trouble? Contact the emnify support team.
- Click Resend and enter the new verification code once you've received it.
- Still having trouble? Contact the emnify support team.
- Re-enter your code and click Verify code again.
- Click Resend and enter the new verification code once you've received it.
- Still having trouble? Contact the emnify support team.
- Wait at least five minutes, and then try to log in again.
- If you've waited and the next attempt is blocked, contact the emnify support team.
Assuming no errors, you'll be redirected to the Dashboard with a message that your account's MFA is now successfully enabled. 🎉
New accounts
You don't need to set up MFA when creating a new account, as the sign up process requires you to validate your phone number (via SMS) and email address. After you access your account, you can either configure TOTP MFA in the Portal or set up email-based MFA the next time you log in.
MFA isn't required if you're on the Trial plan, but you can still configure TOTP MFA to secure your account.
Invited users
You don't need to set up MFA initially when you're invited to join a Workspace, as you'll be invited via email. After you access your account, you can either configure TOTP MFA in the Portal or set up email-based MFA the next time you log in.
Configure TOTP MFA in the emnify Portal
- Log in to your emnify account.
- Navigate to User Settings by clicking on your avatar and selecting User Settings from the dropdown menu.
- Find the Two-Factor Authentication section and click Enable.
- Enter your password to verify your identity, then click Submit.
- Activate your device's temporary authentication key by scanning the QR code with a third-party authenticator app. Alternatively, click here in the Portal text to reveal a secret key and add it to your app. After you've scanned the QR code or entered the key, a 6-digit token appears in the app.
- Finally, return to the Portal and enter the token.
Assuming no errors, MFA is now enabled for your account. 🎉
Third-party authenticator apps
A third-party authenticator app is an alternative way to receive your verification code. Instead of receiving an email or SMS, these apps provide a randomly generated and frequently changing code that you can enter to verify your identity.
Popular third-party authenticator apps that you can use with your emnify account:
- Authy
- Google Authenticator (Google Play Store or App Store)
- Microsoft Authenticator
Manage trusted devices
Reaching for your device and entering a one-time password every time you need to log in to your account can be a pain, especially if you usually sign in from the same device. To bypass this process, select Trust this device before entering the MFA code from your authentication app.
Then, Trusted Devices should be visible in the Two-Factor Authentication section of User Settings. These devices remain trusted for 90 days. After that, you'll need to verify your identity again.
To remove a device from Trusted Devices, click Remove.
Your changes are saved automatically.
Disable MFA
To turn off your existing MFA setup, go to User Settings, find the Two-Factor Authentication section, and click Disable.
You won't be able to disable MFA once it's enforced.