Admin Signing in with MFA

Page summary

Signing in with MFA


This article describes how multi-factor authentication (MFA) works when signing in to the Betterez app, and how to use an authenticator app (such as Google Authenticator) to get the one-time code.

When MFA is required

If MFA is required for you, after you enter your email and password you will either be asked for your MFA code (if you already set it up) or be taken to the MFA setup page (if you have not set it up yet).

Sign-in flow when MFA is already set up

  1. Go to the sign-in page and enter your email and password.
  2. Click sign in.
  3. When prompted, enter the 6-digit code from your authenticator app (e.g. Google Authenticator) in the MFA field.
  4. Submit. If the code is correct, you are signed in.

Codes change every 30 seconds. Use the code currently shown in the app; if it expires, wait for the next one and try again.

Sign-in flow when you must set up MFA (first time)

If your account or your user has MFA required but you have not set it up yet:

  1. Sign in with your email and password as usual.
  2. You are redirected to the MFA setup page instead of the app.
  3. Install an authenticator app on your phone or device if you do not have one (see Authenticator app (e.g. Google Authenticator) below).
  4. On the setup page, scan the QR code with your authenticator app. The app will add an entry for “Betterez” (or your account name) and show a 6-digit code.
  5. Enter the 6-digit code from the app into the field on the setup page and submit.
  6. If the code is correct, MFA is enabled and you are signed in to the app.

After that, each time you sign in you will enter your password and then the current 6-digit code from the app.

Authenticator app (e.g. Google Authenticator)

Betterez MFA uses time-based one-time passwords (TOTP). You need an app that supports TOTP on your phone or device.

Google Authenticator is a free, widely used option:

Google’s help article Set up Authenticator explains how to install and use the app. In short: open the app, add an account by scanning the QR code shown during Betterez MFA setup (or enter the secret key manually if you cannot scan). The app will then display a 6-digit code that changes every 30 seconds; enter that code when Betterez asks for your MFA token.

Other TOTP-compatible apps (e.g. Microsoft Authenticator, Authy) also work with Betterez MFA: use “Scan QR code” or “Enter setup key” and follow the same flow as above.

Getting the 6-digit token

  • Open your authenticator app and select the entry for Betterez (or the account you added during setup).
  • The app shows a 6-digit code that updates every 30 seconds.
  • Enter that code in the MFA field on the sign-in or setup page. No spaces; numbers only.
  • If the code is rejected, wait for the next one and try again. Ensure the time on your device is correct, as TOTP depends on the current time.

Troubleshooting

  • Wrong or expired code: Use the code currently displayed. If it just expired, wait for the new one.
  • Time sync: If codes never work, check that your phone’s date and time are set correctly (or set to automatic). TOTP is time-based.
  • Lost device or app: If you can no longer access your authenticator app, an administrator must disable MFA for your user from Admin > Users (edit your user and use “Disable MFA”). You can then sign in with only your password and set up MFA again if required.
  • MFA required for all users: If the account has “Enable MFA for all users” turned on, you must complete MFA setup before you can use the app. There is no way to skip MFA at sign-in when it is required.

For account-level and per-user MFA configuration, see Account preferences – Multi-factor authentication (MFA) and Users – Multi-factor authentication (MFA).