Skip to content
English
  • There are no suggestions because the search field is empty.

Roll out MFA to your organisation

Learn what to communicate to your organisation before turning on MFA, and how to support users through the change.

This article covers what to tell affected users before MFA is enforced, what the sign-in experience looks like, how to support users who get stuck, and a summary of administrator controls.

MFA reduces the risk of account takeover from compromised passwords. With MFA active, users need a one-time code from an authenticator app as well as their username and password.

Turning on enforcement is recommended if your organisation has a security policy that requires MFA, or if you're completing a compliance or assurance review.

Q: Do I need to notify users before turning on enforcement?

A: You're not required to, but it's strongly recommended. Users will be prompted to set up MFA at their next sign-in, so advance notice helps them prepare.

Q: How long does MFA setup take?

A: Setup usually takes around two minutes once the user has an authenticator app installed.

Q: Does MFA enforcement affect SSO users?

A: No. SSO users sign in through Microsoft Entra ID. Their MFA is managed by Microsoft Entra ID.

Before you start

Check the following:

  • You have administrator access to Logiqc system settings.
  • You know which users sign in with a username and password.
  • You're ready to let users know MFA is coming before you turn it on.

Who is affected by Logiqc MFA?

Logiqc MFA applies to users who sign in directly to Logiqc with a username and password.

Username and password users

These users will be guided through MFA setup at their next sign-in after enforcement is turned on.

SSO users

These users sign in through Microsoft Entra ID. Logiqc MFA enforcement does not apply to them.

What to communicate to users

Before you enable organisation-wide MFA enforcement, let users know:

  • MFA will be required at their next sign-in.
  • They'll need an authenticator app on their mobile device, such as Google Authenticator, Microsoft Authenticator, or Authy.
  • They'll be guided through setup the first time they sign in after MFA is turned on.
  • After setup, each sign-in will require a 6-digit code from their authenticator app.
  • If they get stuck, they should contact their Logiqc administrator.
Send users these articles:

Ready to turn on enforcement? See Turn on MFA for your organisation.

Logiqc Mobile users

Logiqc Mobile users are also guided through MFA setup when they next sign in after MFA is turned on.

On mobile, users may need to copy the setup key from Logiqc Mobile into their authenticator app. After setup, they use the 6-digit one-time code from the authenticator app when signing in.

For detailed mobile steps, see:

Note: Mobile users may need to switch between Logiqc Mobile and their authenticator app during setup and sign-in.

Support users who get stuck

Most users can complete MFA setup without help. For users who do get stuck, the most common situations are:

User can't complete setup

  • Ask the user to check that their authenticator app is installed and that they are adding the Logiqc account shown on screen.
  • If they are using Logiqc Mobile, they can copy the setup key shown on screen and paste it into their authenticator app when adding the account.
  • For step-by-step setup guidance, send them to Set up MFA.

User entered the wrong code or the code expired

  • Codes refresh every 30 seconds. The user should wait for a new code and try again.
  • If codes consistently fail, the time on their mobile device may need to be set to automatic in device settings.
  • For sign-in troubleshooting, send them to Sign in with MFA.

User has lost access to their authenticator app

  • This is the situation that requires administrator action.
  • Reset their MFA from user administration. See Reset a user's MFA.
  • Once reset, the user can sign in and go through MFA setup again.

Administrator reference

Use this table as a quick reference for the MFA actions available to administrators.

Situation What to do
Require MFA for users who sign in with username and password Turn on MFA enforcement. See Turn on MFA for your organisation.
Enable MFA for one user only Use the MFA toggle in the user's account. See Manage MFA for individual users.
Disable MFA for one user Use the MFA toggle, only available when organisation-wide enforcement is off. See Manage MFA for individual users.
User is locked out of their authenticator app Use Reset MFA in the user's account. See Reset a user's MFA.
SSO user needs MFA support Direct them to your Microsoft Entra ID administrator. Logiqc does not manage SSO MFA.
Note: MFA currently supports authenticator apps for username and password sign-in. Backup codes, SMS, email, push notifications, and passkeys are not currently supported. If a user loses access to their authenticator app, the recovery path is administrator reset.

What happens next

Once MFA enforcement is turned on, users who sign in with a username and password will be prompted to set up MFA at their next sign-in.

After setup is complete, they use a 6-digit code from their authenticator app each time they sign in. Day-to-day, there is nothing else to manage unless a user needs their MFA reset.

To keep going, see: