Multi-factor authentication¶
Multi-factor authentication (MFA) adds a second layer of security to your account. After entering your password, you provide a time-based one-time code from an authenticator app — so even if your password is compromised, your account stays protected.
Compatible authenticator apps¶
FSM Navigator supports any TOTP-compatible authenticator app. Popular options include:
| App | Platforms |
|---|---|
| Google Authenticator | iOS, Android |
| Microsoft Authenticator | iOS, Android |
| Authy | iOS, Android, Desktop |
| 1Password | iOS, Android, Desktop |
Set up MFA on your account¶
- Navigate to Settings → Security & MFA.
- Click Enable MFA.
- Open your authenticator app and scan the QR code displayed on screen.
- Enter the 6-digit code shown in your authenticator app.
- Click Verify and Enable.
MFA is now active
From your next login, you will be prompted for a verification code after entering your password.
Can't scan the QR code?
Click Enter code manually to see a text-based setup key you can type into your authenticator app.
Log in with MFA¶
- Enter your email and password as usual.
- When prompted, open your authenticator app.
- Enter the current 6-digit code.
- Click Verify.
Codes refresh every 30 seconds. If a code expires before you submit it, wait for the next one.
Company-wide MFA enforcement¶
Owners can require MFA for every user in the company.
Enable enforcement¶
- Go to Settings → Security & MFA.
- Toggle Require MFA for all users to on.
- Set an enforcement date — the deadline by which all users must enable MFA.
- Optionally set a grace period (in days) to give your team time to comply.
- Click Save.
What happens when enforcement is active¶
- Users who have not enabled MFA see a setup prompt on every login.
- Once the grace period expires, users cannot dismiss the prompt — they must set up MFA to continue.
- Owners can exempt specific users if needed (e.g., shared kiosk accounts).
Reminder notifications¶
FSM Navigator automatically sends email reminders to users who have not yet enabled MFA:
- 48 hours before the deadline
- 24 hours before the deadline
- 12 hours before the deadline
Disable MFA¶
If you need to turn off MFA on your own account:
- Go to Settings → Security & MFA.
- Click Disable MFA.
- Enter your current 6-digit code to confirm.
Think twice before disabling
Disabling MFA removes your second layer of protection. If your company enforces MFA, you may not be able to disable it.
Lost access to your authenticator¶
If you lose access to your authenticator app (new phone, uninstalled app):
- Contact your company Owner — they can reset your MFA from the user management dashboard.
- Once reset, log in with just your password and set up MFA again with your new device.
Owners who lose access
If you are the Owner and lose your authenticator, contact FSM Navigator support for identity verification and MFA reset.
Frequently asked questions¶
Can I use SMS-based two-factor authentication?
No. FSM Navigator uses TOTP (time-based one-time passwords) exclusively. TOTP is more secure than SMS because it is not vulnerable to SIM-swapping attacks.
What if my authenticator app shows the wrong code?
Make sure your device's clock is accurate. TOTP codes depend on precise time synchronization. Enable automatic time settings on your phone.
Can I use MFA on the mobile app?
Yes. The mobile app prompts for your MFA code at login, just like the web dashboard.
Does MFA work with the Enterprise API?
API keys are a separate authentication mechanism and are not affected by MFA. MFA applies only to interactive user logins.
Related guides¶
- Security overview — how FSM Navigator protects your data
- Roles and access control — understand the permission model
- Team management — invite users and assign roles
- Security settings — configure MFA enforcement