Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) adds an extra layer of security to your Alokai Console account by requiring a second form of authentication in addition to your password. The console supports Time-based One-Time Password (TOTP) authentication using authenticator apps.

MFA Availability

Who Can Use MFA

MFA is available only for standard console accounts that use email and password authentication.

Who Cannot Use MFA

MFA is not available for:

  • SSO-authenticated accounts: Users who log in through their organization's Single Sign-On
  • GitHub-authenticated accounts: Users who log in using their GitHub account

MFA for SSO Users

If your organization uses SSO and requires multi-factor authentication, this must be configured at your Identity Provider level (such as Okta, Azure AD, or Google Workspace). The Alokai Console does not manage MFA for SSO accounts - your identity provider handles all authentication security requirements.

How to Enable MFA

Prerequisites

Before enabling MFA, install an authenticator app on your mobile device or computer:

  • Google Authenticator (iOS/Android)
  • Authy (iOS/Android/Desktop)
  • Microsoft Authenticator (iOS/Android)
  • 1Password (iOS/Android/Desktop)
  • Any other TOTP-compatible authenticator app

Setup Process

  1. Navigate to Profile Settings
    • Go to your Profile → Profile Details
    • Find the "Multi Factor Authentication" section
  2. Start MFA Setup
    • Click "Add authenticator" button
    • A setup modal will open with step-by-step instructions
  3. Configure Your Authenticator
    • Scan QR Code: Use your authenticator app to scan the displayed QR code
    • Manual Entry: If you can't scan, manually enter the provided setup key
    • Name Your Device: Give your authenticator a recognizable name (up to 250 characters)
  4. Verify Setup
    • Enter the 6-digit code from your authenticator app
    • Click "Verify and Enable"
  5. Save Backup Codes
    • Download your backup codes immediately after setup
    • Store them securely - they can only be used once each
    • Each backup code has the format XXXXX-XXXXX

Managing MFA

Adding Multiple Authenticators

You can add multiple authenticator apps and devices to your account for enhanced security and convenience:

  • Multiple Apps: Use different authenticator apps (Google Authenticator, Authy, 1Password, etc.)
  • Multiple Devices: Add the same account to authenticators on different devices (phone, tablet, computer)
  • Unique Names: Give each authenticator a unique, descriptive name to identify them easily
  • All Generate Valid Codes: Each configured authenticator will generate valid codes for your account

Important: When you add a new authenticator, new backup codes are automatically generated, and the previous set becomes invalid.

Managing Your Authenticators

In your Profile Details, you can:

  • View all configured authenticators with their custom names
  • Delete individual authenticators you no longer use
  • Add new authenticators at any time

Backup Codes Management

Important: Only the most recently generated backup codes are valid. Each set contains 10 unique codes.

When New Backup Codes Are Generated:

  • Adding a new authenticator: Automatically generates a new set of 10 backup codes
  • Manual regeneration: Click "Generate backup codes" in the MFA section
  • Previous codes are immediately invalidated when new ones are generated

Backup Code Updates:

  • Update your password manager: If you store backup codes in 1Password, LastPass, or similar tools, replace the old codes with the new ones immediately
  • Download and store securely: Always download the new backup codes and store them in a secure location
  • One-time use: Each backup code can only be used once
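The rules above (one set of 10 codes in XXXXX-XXXXX format, each usable once, the whole set invalidated the moment a new set is generated) are easiest to see as server-side state. The following is an added illustration written for this page, not the Alokai Console's own code: the code format and set size come from the page, while the storage layout (salted PBKDF2 hashes, a per-user store object, the hypothetical on_authenticator_added hook) is an assumption about how such a service could be built.

```python
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass, field

CODES_PER_SET = 10
CODE_PATTERN = re.compile(r"^\d{5}-\d{5}$")   # XXXXX-XXXXX, as described on the page


def generate_backup_codes(n: int = CODES_PER_SET) -> list[str]:
    """Generate n distinct random codes in XXXXX-XXXXX form using a CSPRNG."""
    codes: list[str] = []
    while len(codes) < n:
        digits = "".join(str(secrets.randbelow(10)) for _ in range(10))
        code = f"{digits[:5]}-{digits[5:]}"
        if code not in codes:          # keep the set unique
            codes.append(code)
    return codes


def _hash_code(code: str, salt: bytes) -> bytes:
    # Store only salted hashes so a leaked database does not yield usable codes
    # (assumed design choice for this example).
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


@dataclass
class BackupCodeStore:
    """Per-user backup-code state. Only the most recently issued set is kept."""
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    hashes: list[bytes] = field(default_factory=list)   # unused codes of the current set
    generation: int = 0

    def issue_new_set(self) -> list[str]:
        """Replace the entire set; every previous code becomes invalid immediately.
        The plaintext codes are returned exactly once, for the user to download."""
        codes = generate_backup_codes()
        self.salt = secrets.token_bytes(16)
        self.hashes = [_hash_code(c, self.salt) for c in codes]
        self.generation += 1
        return codes

    def redeem(self, submitted: str) -> bool:
        """Consume a code: accepted only if well-formed, in the current set and unused."""
        submitted = submitted.strip()
        if not CODE_PATTERN.match(submitted):
            return False
        candidate = _hash_code(submitted, self.salt)
        for i, stored in enumerate(self.hashes):
            if hmac.compare_digest(stored, candidate):
                del self.hashes[i]     # one-time use: remove on first successful redemption
                return True
        return False

    def remaining(self) -> int:
        return len(self.hashes)


def on_authenticator_added(store: BackupCodeStore) -> list[str]:
    """Hypothetical hook: adding an authenticator regenerates the set, as the page describes."""
    return store.issue_new_set()


if __name__ == "__main__":
    store = BackupCodeStore()
    first = store.issue_new_set()
    print("first set:", first)
    print("redeem once:", store.redeem(first[0]), "redeem again:", store.redeem(first[0]))
    second = on_authenticator_added(store)
    print("old code after regeneration:", store.redeem(first[1]))
    print("new code:", store.redeem(second[0]), "remaining:", store.remaining())
```

The redeem path checks the format first, compares hashes in constant time, and deletes the matching hash so a replayed code fails; issuing a new set replaces both the salt and the hash list, which is what makes the previous download useless even if it was copied.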

Disabling MFA

To disable MFA completely:

  1. Remove all configured authenticators from your account individually
  2. MFA is automatically disabled when you delete the last remaining authenticator
  3. Verification required - you'll need to provide a verification code when removing the final authenticator

Note: There is no separate "Disable MFA" option - simply remove all authenticators to disable MFA protection.

Using MFA

During Login

When MFA is enabled on your account:

  1. Enter your email and password as usual
  2. An MFA verification modal will appear
  3. Enter either:
    • 6-digit code from any of your configured authenticator apps, OR
    • Backup code in format XXXXX-XXXXX
  4. Optionally, check "Trust this computer" to trust that computer for 30 days

Using Backup Codes

Backup codes can be used in any MFA verification window:

  • Format: XXXXX-XXXXX (5 digits, hyphen, 5 digits)
  • One-time use: Each backup code can only be used once
  • Universal: Works for login, password reset, and any other MFA prompt
  • Current set only: Only the most recently generated set of backup codes will work

Password Reset with MFA

If you need to reset your password and have MFA enabled:

  1. The password reset process will include additional MFA verification
  2. You'll need to verify your identity with your authenticator or backup code
  3. This trust token system ensures account security during password changes

Security Best Practices

Backup Codes

  • Download immediately after MFA setup
  • Store securely offline (not in cloud storage or email)
  • Don't screenshot or save them in easily accessible locations
  • Generate new codes periodically and securely dispose of old ones

Authenticator Management

  • Use recognizable names for multiple devices
  • Remove old devices you no longer have access to
  • Keep your authenticator app updated

Account Security

  • Don't disable MFA unless absolutely necessary
  • Enable MFA immediately after account creation
  • Use unique passwords combined with MFA for maximum security

Troubleshooting

Can't Access Your Authenticator?

  • Use one of your backup codes to log in
  • Remove the lost authenticator from your account settings
  • Add a new authenticator device

Codes Not Working?

  • Ensure your device's time is synchronized correctly
  • Check that you're using the correct authenticator for your account
  • Try using a backup code instead
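The 6-digit codes the console asks for are standard TOTP (RFC 6238) values: the authenticator and the server each compute an HMAC over the current 30-second time step, so a device clock that is off by more than the server's tolerance produces a code the server will never accept, which is why time synchronisation is the first thing to check. The example below is added for this page and is not Alokai's code; it implements the RFC algorithm, a server-side check that tolerates one step of drift (the tolerance width is an assumption, the console's actual window is not documented here), and a skew simulation. The secret is the RFC 6238 test-vector key, not a real account key.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test-vector secret ("12345678901234567890" in base32); constructed, not a real key.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
TIME_STEP = 30           # seconds per TOTP step (RFC 6238 default)
DIGITS = 6               # the console prompts for a 6-digit code
ALLOWED_DRIFT_STEPS = 1  # assumed tolerance: accept the previous and next step as well


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at_time: float, step: int = TIME_STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step). This is what the app shows."""
    secret = base64.b32decode(secret_b32.upper())
    return hotp(secret, int(at_time // step), digits)


def verify_totp(secret_b32: str, submitted: str, server_time: float,
                drift_steps: int = ALLOWED_DRIFT_STEPS) -> bool:
    """Server-side check against the current step and +/- drift_steps neighbours."""
    if not (submitted.isdigit() and len(submitted) == DIGITS):
        return False
    secret = base64.b32decode(secret_b32.upper())
    counter = int(server_time // TIME_STEP)
    accepted = False
    for delta in range(-drift_steps, drift_steps + 1):
        # Compare every candidate (no early exit) so timing does not reveal which step matched.
        if hmac.compare_digest(hotp(secret, counter + delta), submitted):
            accepted = True
    return accepted


def skew_demo(server_time: float, device_skew_seconds: float) -> bool:
    """Simulate a device whose clock is off by device_skew_seconds and report whether
    the code it displays would be accepted by a correctly timed server."""
    device_code = totp(DEMO_SECRET_B32, server_time + device_skew_seconds)
    return verify_totp(DEMO_SECRET_B32, device_code, server_time)


if __name__ == "__main__":
    now = 1111111109  # fixed timestamp from the RFC 6238 test table, for reproducible output
    print("code at", now, "=", totp(DEMO_SECRET_B32, now))
    for skew in (0, 20, 90, -90):
        print(f"device clock off by {skew:+d}s -> accepted: {skew_demo(now, skew)}")
```

A skew of a few seconds lands in the same or an adjacent step and is accepted; a clock that is minutes off falls outside the window and every code it shows is rejected, which matches the "codes not working" symptom above. Re-syncing the device clock (most phones do this automatically) fixes it without touching the account.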

Lost Backup Codes?

  • Log in using your authenticator
  • Navigate to Profile Details → MFA section
  • Generate new backup codes (this invalidates the old ones)

Support

If you encounter issues with MFA setup or usage, please contact our support team. We're here to help ensure your account remains secure and accessible.