Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) adds an extra layer of security to your Alokai Console account by requiring a second form of authentication in addition to your password. The console supports Time-based One-Time Password (TOTP) authentication using authenticator apps.
MFA Availability
Who Can Use MFA
MFA is available only for standard console accounts that use email and password authentication.
Who Cannot Use MFA
MFA is not available for:
- SSO-authenticated accounts: Users who log in through their organization's Single Sign-On
- GitHub-authenticated accounts: Users who log in using their GitHub account
MFA for SSO Users
If your organization uses SSO and requires multi-factor authentication, this must be configured at your Identity Provider level (such as Okta, Azure AD, or Google Workspace). The Alokai Console does not manage MFA for SSO accounts - your identity provider handles all authentication security requirements.
How to Enable MFA
Prerequisites
Before enabling MFA, install an authenticator app on your mobile device or computer:
- Google Authenticator (iOS/Android)
- Authy (iOS/Android/Desktop)
- Microsoft Authenticator (iOS/Android)
- 1Password (iOS/Android/Desktop)
- Any other TOTP-compatible authenticator app
Setup Process
- Navigate to Profile Settings
  - Go to your Profile → Profile Details
  - Find the "Multi Factor Authentication" section
- Start MFA Setup
  - Click "Add authenticator" button
  - A setup modal will open with step-by-step instructions
- Configure Your Authenticator
  - Scan QR Code: Use your authenticator app to scan the displayed QR code
  - Manual Entry: If you can't scan, manually enter the provided setup key
  - Name Your Device: Give your authenticator a recognizable name (up to 250 characters)
- Verify Setup
  - Enter the 6-digit code from your authenticator app
  - Click "Verify and Enable"
- Save Backup Codes
  - Download your backup codes immediately after setup
  - Store them securely - they can only be used once each
  - Each backup code format: XXXXX-XXXXX
Managing MFA
Adding Multiple Authenticators
You can add multiple authenticator apps and devices to your account for enhanced security and convenience:
- Multiple Apps: Use different authenticator apps (Google Authenticator, Authy, 1Password, etc.)
- Multiple Devices: Add the same account to authenticators on different devices (phone, tablet, computer)
- Unique Names: Give each authenticator a unique, descriptive name to identify them easily
- All Generate Valid Codes: Each configured authenticator will generate valid codes for your account
Important: When you add a new authenticator, new backup codes are automatically generated, and the previous set becomes invalid.
Managing Your Authenticators
In your Profile Details, you can:
- View all configured authenticators with their custom names
- Delete individual authenticators you no longer use
- Add new authenticators at any time
Backup Codes Management
Important: Only the most recently generated backup codes are valid. Each set contains 10 unique codes.
When New Backup Codes Are Generated:
- Adding a new authenticator: Automatically generates a new set of 10 backup codes
- Manual regeneration: Click "Generate backup codes" in the MFA section
- Previous codes are immediately invalidated when new ones are generated
Backup Code Updates:
- Update your password manager: If you store backup codes in 1Password, LastPass, or similar tools, replace the old codes with the new ones immediately
- Download and store securely: Always download the new backup codes and store them in a secure location
- One-time use: Each backup code can only be used once
Disabling MFA
To disable MFA completely:
- Remove all configured authenticators from your account individually
- MFA is automatically disabled when you delete the last remaining authenticator
- Verification required - you'll need to provide a verification code when removing the final authenticator
Note: There is no separate "Disable MFA" option - simply remove all authenticators to disable MFA protection.
Using MFA
During Login
When MFA is enabled on your account:
- Enter your email and password as usual
- MFA verification modal will appear
- Enter either:
  - 6-digit code from any of your configured authenticator apps, OR
  - Backup code in format XXXXX-XXXXX
- Optionally check "Trust this computer" for 30 days (if desired)
Using Backup Codes
Backup codes can be used in any MFA verification window:
- Format: XXXXX-XXXXX (5 digits, hyphen, 5 digits)
- One-time use: Each backup code can only be used once
- Universal: Works for login, password reset, and any other MFA prompt
- Current set only: Only the most recently generated set of backup codes will work
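The backup-code rules above (10 codes per set, XXXXX-XXXXX format, one-time use, current set only), modelled as an added example that is not Alokai's code. The `BackupCodes` class and storing only SHA-256 digests are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets

CODE_RE = re.compile(r"\d{5}-\d{5}")  # 5 digits, hyphen, 5 digits
SET_SIZE = 10


def _digest(code):
    # Assumption: only digests are kept at rest. With just 10**10 possible
    # codes, a production store would use a salted, slow KDF instead.
    return hashlib.sha256(code.encode()).digest()


class BackupCodes:
    """Hypothetical per-account store for the current backup-code set."""

    def __init__(self):
        self._unused = set()

    def regenerate(self):
        """Create a fresh set; replacing _unused invalidates every older code."""
        codes = set()
        while len(codes) < SET_SIZE:
            n = secrets.randbelow(10 ** 10)  # CSPRNG, not random.random()
            codes.add(f"{n // 10**5:05d}-{n % 10**5:05d}")
        self._unused = {_digest(c) for c in codes}
        return sorted(codes)  # shown to the user once, for download

    def redeem(self, code):
        """Accept a code once; reject malformed, spent or superseded codes."""
        code = code.strip()
        if not CODE_RE.fullmatch(code):
            return False
        candidate = _digest(code)
        match = None
        for stored in self._unused:  # constant-time compare per entry
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        self._unused.discard(match)  # one-time use
        return True
```
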
Password Reset with MFA
If you need to reset your password and have MFA enabled:
- The password reset process will include additional MFA verification
- You'll need to verify your identity with your authenticator or backup code
- This trust token system ensures account security during password changes
Security Best Practices
Backup Codes
- Download immediately after MFA setup
- Store securely offline (not in cloud storage or email)
- Don't screenshot or save them in easily accessible locations
- Generate new codes periodically and securely dispose of old ones
Authenticator Management
- Use recognizable names for multiple devices
- Remove old devices you no longer have access to
- Keep your authenticator app updated
Account Security
- Don't disable MFA unless absolutely necessary
- Enable MFA immediately after account creation
- Use unique passwords combined with MFA for maximum security
Troubleshooting
Can't Access Your Authenticator?
- Use one of your backup codes to log in
- Remove the lost authenticator from your account settings
- Add a new authenticator device
Codes Not Working?
- Ensure your device's time is synchronized correctly
- Check that you're using the correct authenticator for your account
- Try using a backup code instead
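Why an unsynchronized device clock makes codes fail, as an added example that is not Alokai's code: a minimal RFC 6238 TOTP generator and verifier. The 30-second step, HMAC-SHA-1 and the one-step tolerance window are assumed common authenticator defaults, not documented console settings; the key and timestamps are constructed.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: Base32 of the RFC 4226 test secret "12345678901234567890".
RFC_TEST_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(setup_key, unix_time, step=30, digits=6):
    """RFC 6238 code (HMAC-SHA-1) for a Base32 setup key at a given time."""
    b32 = setup_key.replace(" ", "").upper()
    key = base64.b32decode(b32 + "=" * (-len(b32) % 8))
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(setup_key, code, server_time, window=1, step=30):
    """Return the step offset at which the code matched, or None if rejected."""
    for drift in range(-window, window + 1):
        expected = totp(setup_key, server_time + drift * step, step)
        if hmac.compare_digest(expected, code):
            return drift
    return None


if __name__ == "__main__":
    server_now = 45  # constructed timestamp (time step 1)
    for skew in (0, 20, 90):  # seconds the device clock runs fast
        code = totp(RFC_TEST_KEY, server_now + skew)
        result = verify(RFC_TEST_KEY, code, server_now)
        print(f"device +{skew:>2}s -> code {code} -> matched at step {result}")
```

A device 20 seconds fast still matches at the adjacent step, while one 90 seconds fast produces a code outside the assumed window and is rejected.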
Lost Backup Codes?
- Log in using your authenticator
- Navigate to Profile Details → MFA section
- Generate new backup codes (this invalidates the old ones)
Support
If you encounter issues with MFA setup or usage, please contact our support team. We're here to help ensure your account remains secure and accessible.