👥 Roles and permissions
Only administrators can enable MFA for the organization
Multi-factor authentication (MFA) secures your Hyperproof instance by requiring additional factors when users log in to Hyperproof.
Hyperproof currently supports MFA with an authenticator app like Google Authenticator, Microsoft Authenticator, or Authy. When users are enrolled in MFA, they need to set up one of these apps on their phone. They are also given a recovery code at the time of enrollment, which lets them regain access if they lose the device on which the authenticator app was installed. Refer to Resetting MFA below for more information.
📝 Note
Both SSO and MFA require an internet domain. You don’t have to use SSO if you want MFA, and you don’t have to use MFA if you use SSO. They are both authentication features that are enabled by an internet domain specific to your organization.
📝 Note
Hyperproof Gov uses Okta as its MFA provider.
Enabling MFA for your Hyperproof instance
Prior to turning on MFA, an internet domain must be assigned to your organization. Log in to the Hyperproof Support Portal to create a request.
📝 Note
The domain is based on your organization’s email domain. There should be at least one verified Hyperproof administrator in your organization with the matching email domain.
Once the domain has been assigned, you can then configure MFA in Hyperproof by following the steps below.
1. Log in to Hyperproof as an Administrator.
2. From the left menu, select Settings and then select Authentication.
   📝 Note
   The Authentication tab is not visible until SSO is turned on for your organization. If SSO has been turned on and you don’t see the tab, log out of Hyperproof and then log back in again. If the option is still not visible, please create a support request.
3. Toggle on Multi-Factor Authentication (MFA).
   The Authentication window opens.
4. Select the radio button that best suits your organization:
   - Always - Users see an MFA prompt every time they log in to Hyperproof.
   - Adaptive - Users only see an MFA prompt if Auth0 detects that it’s necessary, e.g. when a user logs in from a different machine or from a new location.
5. Click Save.
When MFA is enabled, there is no immediate impact on logged-in users. They will be prompted to enroll in MFA the next time they log in to Hyperproof.
📝 Note
MFA settings apply to all users with an email address that matches the internet domain assigned to the organization. Users whose email address does not match that domain are not covered: if you invite an external auditor into an MFA-enabled organization, for example, they won’t see the MFA prompts.
Resetting MFA
If a user loses the device on which they installed the authenticator app, they can use the recovery code(s) that they were given at the time of MFA enrollment to get back up and running.
If the user does not have the recovery code(s), Hyperproof can reset the user’s MFA settings via a support request. After their MFA settings have been reset, they should log out and log back in to Hyperproof, at which time they will be prompted for MFA enrollment.