Before you start
Before enabling MFA, it’s important to understand:
- Who has MFA: Users who log in with email + password can use MFA.
- Who does not: Users logging in via Single Sign-On (SSO) cannot use MFA because authentication is managed by the SSO provider.
Available MFA methods:
- Email MFA – Automatic, fallback method. Cannot be disabled.
- App-based MFA – Recommended, configurable by the user.
What you can configure: Only app-based MFA. Email codes are sent automatically as a backup.
What is MFA and who is it for?
Multifactor Authentication (MFA) adds an extra layer of security to your account by requiring a code in addition to your password when logging in.
- Purpose: Protect your account from unauthorized access, even if your password is compromised.
- Who should use it: All users with email + password logins.
How MFA works in Factorial
- When a code is requested: MFA triggers during login when Factorial detects a new device, browser, or location.
- Triggers include:
  - Logging in from a new device
  - Accessing Factorial from an unrecognized browser
  - Certain security-sensitive actions
Available MFA Methods
Email MFA (Fallback, Automatic)
- Automatically sent to your registered email.
- Cannot be disabled.
- Acts as a backup in case app-based MFA is unavailable.
App-based MFA (Recommended, Configurable)
- Can be enabled via an authenticator app (e.g., Google Authenticator, Authy).
- Generates time-based codes for login.
- Recommended over email MFA for stronger security.
How to set up app-based MFA
- Go to Settings → Security Settings in your Factorial account
- In the MFA section, click the link that opens a QR code for configuring your authentication app (e.g., Google Authenticator, Authy)
- Scan the QR code with your app
- Once set up, enter the generated code in the input field. The app will then generate secure, time-sensitive codes for you to enter during login
Tip: Keep backup codes in a safe place in case you lose access to your authenticator app.
App-based MFA is the only method that users can actively configure. If it's not enabled, the system defaults to email-based MFA for admins.
How to set up email MFA
This method is not configurable: it's automatically applied if an admin hasn't set up the MFA app.
1. When you sign in, we’ll send a unique, one-time code to your registered email address
2. You’ll need to enter this code to complete your login
3. If you don’t receive the email, you can easily request to resend it
FAQs
- Why am I getting email codes if I didn’t activate MFA?
  Email MFA is automatic and acts as a fallback method. It cannot be disabled.
- Can I choose which MFA method to use?
  Only app-based MFA can be configured. Email MFA is automatic.
- Why don’t some users have MFA?
  MFA is not available for users logging in via Single Sign-On (SSO).
- Can I disable MFA?
  Only app-based MFA can be disabled. Email MFA is mandatory as a backup.
- Can I choose whether employees use MFA via app or email?
  No. Only app-based MFA is supported as a configurable option. Email is a fallback exclusively for admins who haven’t set up app MFA. It cannot be manually activated or deactivated.
- Why can’t I disable email-based MFA?
  It’s a security fallback that ensures admins with sensitive permissions still go through a verification process. It only applies if app-based MFA is not configured.