Multi-factor authentication (MFA) provides a security layer for your Iterable organization that helps protect your members' accounts from unauthorized access in the event of a credential breach.
MFA enhances login security by requiring users to provide multiple credentials to verify their digital identity. These credentials can fall into different categories, including:
- Knowledge: Something that the user knows, such as a password or PIN.
- Possession: Something that the user possesses, like a trusted device or security token.
- Biometrics: Something that uniquely identifies a person based on their physical characteristics, such as a fingerprint or facial recognition.
In Iterable, every user who logs in with a username and password is required to register another authentication factor and log in using MFA.
NOTE
Users who log in with single sign-on (SSO) and Sign in with Google aren't required or eligible to use Iterable MFA because their login methods handle authentication for Iterable.
Overview of MFA in Iterable
By default, all members that log in to Iterable with a username and password are required to register an authentication factor to log in to Iterable.
To set up and enroll in MFA, members can read Enrolling in Multi-Factor Authentication (MFA).
Members with the Manage Members org permission can reset MFA for the organization's members.
MFA enrollment requirements
To enroll in MFA and use it to log in to Iterable, members must:
- Have a supported authentication factor available.
- Use a browser and operating system that support WebAuthn. For more information, read Browser Support for WebAuthn.
- Have JavaScript enabled.
Supported authentication factors for MFA
Iterable doesn't require a specific authentication factor for MFA enrollment, and org administrators can't enforce a specific factor.
Instead, Iterable supports multiple authentication factors, and each member can use the method that works best for them.
Supported factors include:
- One-time passwords (OTP) from an authenticator app. Users can use an authenticator app on their mobile device, browser extension, or other platforms. Examples include:
  - Google Authenticator
  - Microsoft Authenticator
  - Authy
  - 1Password
  - LastPass
  - Bitwarden
- WebAuthn with security keys, which supports physical security keys connected to a device, such as a YubiKey or a Titan Security Key, as well as digital passkeys like the one built into 1Password.
- WebAuthn with device biometrics like Touch ID or Face ID. This method replaces the use of a password while logging in from a registered device. It does not replace the need for a second MFA factor (security key or OTP).
NOTE
Iterable does not support these authentication factors: SMS, push notifications, email, or phone calls.
Reviewing MFA-enabled members
Members with the Manage Members org permission can visit Settings > Organization Members to review whether members have enabled MFA.
Resetting MFA for a member
Sometimes a member may need to reset their MFA to enroll a new device. Iterable administrators are able to do this for members.
When an administrator resets a member's MFA enrollment, Iterable sends an email to the member with a link to set up MFA. The member can click the link in this email, or just log in to Iterable, to complete the setup process. The steps to enroll are the same as setting up MFA for the first time, and can be found in our guide, Enrolling in Multi-Factor Authentication (MFA).
To reset MFA for a member:
- Log in as an Iterable Org Admin or a member with the Manage Members org permission.
- Go to Settings > Organization Members.
- Find the member's name, then click on the overflow menu (three dots).
- Click Reset MFA.
- Review the confirmation for the correct member.
- Click Reset MFA to finish.
- Ask the member to log in to Iterable and enroll for MFA.