Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA), also called Two-Factor Authentication (2FA), adds a critical layer of security to your Everflow account. Instead of relying on just a password, MFA requires a second verification step using your phone. MFA is enabled by default for all Core Platform users.

What You'll Learn

Everything you need to know about MFA in Everflow

• Why MFA matters for your account security
• How to set up MFA with Google Authenticator or SMS
• What to do if you're locked out of your account
• How to troubleshoot common MFA issues
• Answers to frequently asked questions

Why MFA Matters

Think of your Everflow account like a safe with two locks. Your password is the first lock. It's strong, but if someone discovers the combination, they're in. MFA is the second lock: a physical key that only exists on your phone.

Even if an attacker guesses your password, they still can't open the safe without that second key. Password-based attacks remain the leading cause of security breaches.

Credential stuffing, where attackers test stolen username/password combinations against thousands of services, reaches billions of attempts monthly. MFA stops these attacks cold.

Stolen or guessed passwords — Even complex passwords can be compromised through data breaches

Phishing attacks — If you accidentally enter credentials on a fake site, attackers still can't access your account

Unauthorized access — Bad actors can't get in, even if your email is compromised

Credential stuffing — Automated attacks testing leaked passwords from other sites won't work

How MFA Works in Everflow

When you log in with MFA enabled, you'll complete two steps: enter your password (first lock), then enter a 6-digit code from your phone (second lock).

Here's how the authentication flow works:

👤

Enter Email & Password

First lock

→

📱

Enter 6-Digit Code

Second lock

→

✓

Access Granted

You're in!

Verification Methods

Everflow supports two verification methods. Choose the one that works best for you:

Method

How It Works

Best For

Google Authenticator (Recommended)

App generates a new 6-digit code every 30 seconds. Works offline once set up.

Users who want stronger security and don't want to rely on cell service

SMS Verification

Code sent via text message to your phone number each time you log in.

Users who prefer not to install an app or have limited phone storage

While Google Authenticator is recommended, Everflow uses the industry-standard TOTP (Time-based One-Time Password) protocol. This means other authenticator apps like Microsoft Authenticator, 1Password, Authy, or Keeper are also compatible. However, Everflow Support documentation is written for Google Authenticator specifically.

Setting Up MFA

After MFA is enabled for your network, you'll complete setup during your next login.

Before you begin, download an authenticator app if you plan to use one:

🍎 Download for iOS (App Store) 🤖 Download for Android (Google Play)

Heads Up! The QR Code Only Appears Once If you're using Google Authenticator, the QR code is displayed only during initial setup. Make sure to scan it and add the entry to your authenticator app before closing the setup screen. If you close it without scanning, you'll need to contact your Super User for a reset.

Setup Steps

Enter your email and password as usual. After your credentials are verified, you'll see the MFA setup screen.

Choose Your Verification Method

Select either Google Authenticator or SMS:

• Google Authenticator: Open your authenticator app and tap the + icon to add a new account. Scan the QR code displayed on screen.

• SMS: Enter your mobile phone number. You'll receive a text message with your verification code.

Enter Your 6-Digit Code

Enter the 6-digit code from your authenticator app or SMS message into the verification field.

Setup Complete

Once verified, you're all set! From now on, you'll enter a code from your phone each time you log in.

What To Do If You're Locked Out

Lost your phone? Got a new device? Accidentally deleted the authenticator entry? Don't panic. Here's how to regain access:

Step 1 — Try First

👤 Contact Your Super User

Super Users can reset MFA for any employee in your network. Once reset, you'll see a fresh QR code the next time you log in.

📍 Control Center → Security → Multi-Factor Authentication

Step 2 — If Needed

💬 Contact Everflow Support

Reach out to Customer Success via chat or email if your Super User is unavailable, also locked out, or if there's a technical issue preventing the reset.

📍 Chat icon in bottom-right corner of any Everflow page

When to Contact Everflow Support Directly:

• Your Super User is also locked out
• There's no Super User available in your network
• You need to switch from Google Authenticator to SMS (or vice versa)
• You're experiencing a technical issue that the reset doesn't fix

Good To Know: No Backup Codes Everflow does not currently generate backup recovery codes during MFA setup. If you lose access to your authenticator app or phone, the only recovery path is through your Super User or Everflow Support. A reset removes your old MFA configuration entirely, allowing you to start fresh with a new QR code.

Troubleshooting Common Issues

Running into problems? Expand any section below to find solutions for common MFA issues.

My code isn't working / "Invalid code" error

Authenticator codes refresh every 30 seconds. If your code is rejected, try these fixes:

1. Check your device's time settings
Authenticator apps rely on accurate time to generate valid codes. Go to your phone's settings and enable "Set time automatically" or "Use network-provided time."

2. Wait for a fresh code
If the code timer is almost expired (showing only a few seconds left), wait for the next code to appear before entering it.

3. Verify you're using the correct entry
If you have multiple Everflow entries in your authenticator app (from previous resets), try each one. Once you identify the working entry, delete the outdated ones to avoid future confusion.

I don't see a QR code during setup

If the QR code doesn't appear when setting up MFA:

1. Clear your browser cache and cookies, then refresh the page and try again.

2. Try an incognito/private window to bypass any cached data that might be causing issues.

3. Look for a manual entry option
Some setups offer a text-based setup key as an alternative to scanning. In your authenticator app, look for "Can't scan?" or "Enter manually" to type in the code instead.

4. Try a different browser if the issue persists.

The QR code won't scan

If you can see the QR code but your authenticator app won't scan it:

1. Check camera permissions
Make sure your authenticator app has permission to access your camera.

2. Increase screen brightness
A dim screen can make QR codes difficult to scan.

3. Reduce glare and reflections
Adjust your screen angle or move to a different lighting environment.

4. Use manual entry
Most authenticator apps let you manually type in the setup key instead of scanning.

Blank white screen after entering my code

A blank screen after MFA verification usually indicates a browser or session issue:

1. Try an incognito/private window
This bypasses any cached data or cookies that might be causing the issue.

2. Clear your browser cache and cookies completely
Go to your browser settings and clear all browsing data, then try logging in again.

3. Type the login URL directly
Instead of using a bookmark, manually type your Everflow login URL. Old bookmarks may contain expired session data.

4. Try a different browser
If the issue persists, try Chrome, Firefox, Safari, or Edge.

If none of these work, contact your Super User or Everflow Support—they can invalidate your current session to force a fresh login.

OIDC callback error

This error occurs during the authentication handshake between your browser and Everflow. It's often related to browser extensions or network settings:

1. Clear browser cache and cookies

2. Disable VPN or ad-blocker extensions temporarily

3. Try an incognito/private window

4. Try a different browser entirely

If you continue seeing this error, contact Everflow Support for a session reset.

I'm not receiving SMS verification codes

If you've chosen SMS verification but aren't receiving codes:

1. Check your phone signal
Make sure you have cellular service. SMS codes can't be delivered over WiFi alone.

2. Verify your phone number
Confirm the phone number on file is correct and includes the proper country code.

3. Check your spam/blocked messages
Some phones filter messages from unknown numbers.

4. Wait a few minutes
SMS delivery can sometimes be delayed. Wait 2-3 minutes before requesting a new code.

5. Consider switching to Google Authenticator
If SMS delivery is unreliable in your area, contact your Super User or Everflow Support to switch to app-based authentication.

Frequently Asked Questions

Can I disable MFA for my account?

MFA is a network-wide security policy and cannot be disabled for individual users through the platform interface. Once enabled by your administrator, MFA applies to all employees in your network.

This "all-or-nothing" approach ensures consistent security across your organization. If your organization requires MFA to be disabled entirely, this requires a request to Everflow Customer Success and involves significant security considerations.

Can I use an authenticator app other than Google Authenticator?

Yes! Everflow uses the standard TOTP (Time-based One-Time Password) protocol, which means any authenticator app that supports TOTP will work. Compatible apps include:

• Microsoft Authenticator
• 1Password
• Authy
• Keeper
• LastPass Authenticator

However, Everflow's support documentation and troubleshooting guidance is written specifically for Google Authenticator.

I use Single Sign-On (SSO). Do I still need MFA?

No. If your organization uses SSO (Google Workspace, Azure AD, Okta), your identity provider handles all authentication—including any MFA your organization requires at that level.

When you log in via SSO, you won't see Everflow's MFA prompt. Your company's SSO provider manages your security verification instead.

Why am I being asked for MFA when I never set it up?

MFA was enabled by default for all Core Platform users as of September 2024. If you haven't logged in since then, you'll be prompted to complete MFA setup on your next login.

This is normal—simply follow the setup steps to configure your preferred verification method (Google Authenticator or SMS), and you'll be good to go.

I have multiple Everflow entries in my authenticator app. Which one do I use?

If you've had your MFA reset multiple times, you may have duplicate entries in your authenticator app. Each reset creates a new entry while leaving the old ones behind.

To identify the correct entry: try each code during login until one works. Once you find the active entry, delete the outdated ones from your authenticator app to avoid confusion in the future.

Can my team share one login with MFA enabled?

This is strongly discouraged. MFA is designed for individual users—sharing login credentials means sharing access to the authentication device, which defeats the security purpose of MFA.

Instead, create individual accounts for each team member so everyone has their own MFA setup. This also provides better audit trails and accountability.

If multiple people need access to the same data, contact your Super User to create additional employee accounts with appropriate permissions.

How do I switch from Google Authenticator to SMS (or vice versa)?

To change your MFA method, contact your Super User or Everflow Customer Success. They can reset your MFA configuration, which will allow you to choose a different method during your next login.

Common reasons to switch methods:

• You no longer have access to the app store to download an authenticator
• You're traveling internationally and can't receive SMS
• SMS delivery is unreliable in your area
• Your organization prefers a specific method