# MFA verification

### Scope <a href="#scope" id="scope"></a>

This document defines the **Multi-Factor Authentication (MFA) verification flow** for **Members** in a Business Organization.

MFA verification occurs **after successful email and password authentication**, when required by organization security policies.

Members **cannot configure, enable, or disable MFA methods**.

***

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

If you are a **Member**, MFA verification may appear during sign-in.

You only need to:

* Follow the on-screen verification instructions
* Use the MFA method required by your organization

No prior configuration is needed unless instructed by your administrator.

***

### Purpose <a href="#purpose" id="purpose"></a>

This guide helps Members understand:

* When MFA verification is required
* What MFA verification methods may be used
* How to complete MFA verification successfully

***

### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before completing MFA verification:

* You have already signed in with email and password
* MFA is enabled or enforced by your organization
* You have access to the required verification method

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

***

### 1. When MFA Verification Is Triggered <a href="#id-1.-when-mfa-verification-is-triggered" id="id-1.-when-mfa-verification-is-triggered"></a>

MFA verification is required when:

* Mandatory MFA is enforced by the organization
* Risk-based access control detects unusual behavior
* You sign in from a new device, location, or network

***

### 2. MFA Verification Methods <a href="#id-2.-mfa-verification-methods" id="id-2.-mfa-verification-methods"></a>

The verification method is automatically selected based on **organization policy**.

***

#### Option A: Authenticator App (TOTP) <a href="#option-a-authenticator-app-totp" id="option-a-authenticator-app-totp"></a>

**Step 1:** Select **Authenticator** as the verification method.

**Step 2:** Open your authenticator app on your mobile phone or tablet.

**Step 3:** Enter the verification code displayed in the app.

Once the code is validated, verification is completed automatically.

***

#### Option B: Email Verification Code <a href="#option-b-email-verification-code" id="option-b-email-verification-code"></a>

**Step 1:** Select **Email** as the verification method.

**Step 2:** Check your email inbox for the verification message.

**Step 3:** Enter the verification code provided.

Verification completes automatically once the code is validated.

**Note**: If you do not receive the verification code, see [What should I do if I don't receive a verification code when signing up or forgot password?](https://silvertiger.atlassian.net/wiki/spaces/QD/pages/193331260)

***

#### Option C: Passkey Verification (FIDO2 / WebAuthn) <a href="#option-c-passkey-verification-fido2-webauthn" id="option-c-passkey-verification-fido2-webauthn"></a>

**Step 1:** Passkey is selected as the default verification method.

**Step 2:** Click **Continue**.

**Step 3:** Verify your identity using a registered passkey.

Follow the on-screen instructions provided by your device to complete verification.

***

### 3. Verification Result <a href="#id-3.-verification-result" id="id-3.-verification-result"></a>

After successful MFA verification:

* Sign-in is completed
* You are redirected to your dashboard or assigned workspace
* Your session continues normally

***

### Failure and Retry <a href="#failure-and-retry" id="failure-and-retry"></a>

If MFA verification fails:

* You may retry within allowed limits
* Excessive failures may temporarily block sign-in
* You may be prompted to use an alternative method if allowed by policy

***

### Security Considerations <a href="#security-considerations" id="security-considerations"></a>

* Verification codes are time-limited and single-use
* Verification attempts are logged for audit purposes
* Rate limiting is applied to prevent abuse
* MFA may be required again for high-risk actions
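
The properties listed above, shown as an added example for an authenticator (TOTP) code; this is not the product's own code. The 30-second step, 6-digit length, one-step clock tolerance, five-failure limit, and 300-second block are assumptions, as are the names `totp` and `Verifier`.

```python
import hashlib
import hmac
import struct

STEP = 30          # assumed TOTP time step in seconds (RFC 6238 default)
DIGITS = 6         # assumed code length
MAX_FAILURES = 5   # assumed retry limit; the page gives no number
LOCKOUT = 300      # assumed length of the temporary block, in seconds


def totp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP value for one time-step counter (HMAC-SHA-1)."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Per-member state: replay marker, failure counter, audit log."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1    # highest time step already accepted
        self.failures = 0
        self.blocked_until = 0.0
        self.audit = []           # (timestamp, outcome) for every attempt

    def verify(self, code: str, now: float) -> str:
        outcome = self._check(code, now)
        self.audit.append((now, outcome))
        return outcome

    def _check(self, code: str, now: float) -> str:
        if now < self.blocked_until:
            return "blocked"
        current = int(now // STEP)
        for counter in (current - 1, current):    # time-limited: two steps only
            expected = totp(self.secret, counter).encode()
            if hmac.compare_digest(expected, code.encode()):
                if counter <= self.last_counter:
                    break                          # single-use: replay is a failure
                self.last_counter = counter
                self.failures = 0
                return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:          # rate limit: temporary block
            self.blocked_until, self.failures = now + LOCKOUT, 0
            return "blocked"
        return "rejected"
```
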

***

### Important Notes <a href="#important-notes" id="important-notes"></a>

* Members cannot change MFA settings
* MFA methods are enforced by the organization
* Password reset does not disable MFA enforcement
* If you lose access to your MFA method, administrator assistance is required

***

### Summary <a href="#summary" id="summary"></a>

| Item              | Member                        |
| ----------------- | ----------------------------- |
| MFA Configuration | ❌ Not allowed                 |
| MFA Verification  | ✅ Required (if enforced)      |
| Supported Methods | Authenticator, Email, Passkey |
| Retry Attempts    | ✅ Limited                     |
| MFA Bypass        | ❌ Not supported               |


