All Collections
Site security
Understanding multifactor authentication (MFA)
Understanding multifactor authentication (MFA)
Dan Sackett avatar
Written by Dan Sackett
Updated over a week ago

Access to Zoomforth sites can be protected using "Email with Multifactor Authentication (MFA)".

If your site is configured to use MFA, your visitors will need two things to access your site:

  1. An email address which has been configured to access the site

  2. An MFA device (such as a phone)

Set up your site for MFA

In the "Visitor Access" tab of Site Details set the visitor access settings to "Multifactor". Then add the email address(es) (or email domains) you want to have access to the site.

When visitors visit your site

The basic idea is that visitors will need to set up and use a MFA device (such as a phone) just like they do when logging into their Bank or other secure internet service.

Upon visiting for first time, your visitors will enter an email address they want to use to access the site. If you have added that email address as one that is permitted to access the site, they will then be sent an email with a link to click to confirm they have access to that email address.ย 

Following that link (or subsequent visits to that site) will show visitors a view where they can set up a device to use as their MFA device.ย 

They can choose to receive a text message (SMS) to a phone number or set up an authenticator app.
The MFA device generates (or receives via SMS) a six digit one time code which is used to finally access the site.

This setup is only is done only once per person, on the first time they visit a site on your Zoomforth account which has MFA configured.

When your visitor returns on the same browser

If your visitor returns on the same browser (and has not reset their cookies), then they will automatically be allowed access to the site with no further action.

However, for each new browser/computer/phone that person uses to visit your site, they will need to re-enter their email address and re-authenticate using the same MFA device they initially setup.
Keep in mind, the visitor is not setting up a new device each time. They are rather using that same device to generate (or receive via SMS) a new six digit pin code.

If your visitors loses their MFA device, you will need to reset it for them. See the help article "Resetting your visitors MFA device".

Did this answer your question?