Menu

Articles in this section

Multi-Factor Authentication Verification Mode: Authentication App (How To & Reference)

In this article

     

    Multi-Factor Authentication (MFA) is a security-enhancing practice of requiring a person to perform more than one step, beyond email and password, for example, when logging into a system.

    A person required to complete MFA triggers it by ...

    • Initiating logging in, by providing a valid email address and password, from a device not remembered for MFA purposes.

    • Initiating a password reset process and then providing a valid email address and password.

    • Clicking a login in link on a device not remembered for MFA purposes.

    This article will walk through the steps of Authentication App Verification.

    Before You Begin

    Review the MFA Feature Overview and Settings. Beginning July 2025, all admins are required to use MFA, while non-admins the setting remains optional. A shul must determine which verification mode for people logging in to use; email or authentication app.

    Using an Authenticator App

    1. The person provides a valid email address and password.
    2. The system displays a code entry screen and directs the person to open the app for code.
    3. The person enters the verification code.
    4. The system completes login, prompting for a new password if that is what triggered MFA.

    If both email and authenticator modes are enabled, a "Try another way" link is shown.

    Example: Code entry screen. Help text is from MFA Settings.

    Authentication code entry screen

     

    Initial App Setup

    Any authenticator app available is able to be used. Examples of authenticator apps include:

    • Google Authenticator
    • Free OTP
    • Microsoft Authenticator

    Use of an authenticator app requires an initial setup to register at least one device. The code entry screen features a "manage MFA" checkbox that when checked allows the person add/remove registered devices. When there are no devices registered for the person, the box is checked by default and cannot be unchecked.

    When "manage MFA" is triggered by that box being checked:

    1. The system shows the "Authenticator application page".
    2. Click "Add new Authenticator".
    3. User opens their preferred authenticator app and choses to add a new application.
    4. User enters the code from the app into the code entry screen.
    5. User clicks Submit (device nickname optional).
    6. The system validates the code and returns the user to the "Authenticator application page". 
    7. User clicks "Continue to Application" to go to ShulCloud.

    Example: The "Manage MFA" screen is where people can add/remove registered devices;
    "Continue to Application" takes the person to ShulCloud.

    Authenticator application interface

     

    Example: Authenticator App setup screen.

    2FA setup instructions with QR code

    What to do if you get a new Device

    Google Authenticator
    OTP
    Microsoft Authenticator

    Related Resources

     

    Related articles