Keepit Platform

Configure multi-factor authentication

Multi-factor authentication (MFA) adds an extra layer of security to the sign-in process. When enabled, users must provide additional verification to access the platform.

Only the Master Admin role can enable MFA, and it is applied at the account level—meaning all users, including the Master Admin, will be required to use MFA once activated.

MFA can be configured using the following factors:

  • Trusted IPs: Restricts user access to a defined set of IP addresses, ensuring that only sign-ins from trusted locations are allowed.
  • Time-based one-time password (TOTP): Requires users to enter a code generated by an authenticator app during sign-in.

For optimal security, we recommend enabling both Trusted IPs and TOTP.

How MFA behaves with both factors enabled

  • If only Trusted IPs are enabled: A user can sign in only from within the trusted IP range.
  • If only TOTP is enabled: A user can sign in only by entering a code from the authenticator app.
  • If both Trusted IPs and TOTP are enabled: A user can sign in without entering the TOTP code when within the trusted IP range, but must enter the code if outside the range.

Configure MFA

1. In the lower-left corner, select your account profile > Account info.

2. Go to Security > MFA.

3. Enable trusted IPs and/or TOTP. (See below for details.)

4. Turn on the Enable MFA toggle.

5. Enter your password and select Confirm.

6. Select Save.

Note: To save certain settings, the Master Admin must enter the TOTP code if TOTP has been enabled. However, if Trusted IPs is also enabled and the Master Admin is signed in from a trusted IP address, the admin will not be prompted for the code.

Trusted IPs factor

1. Point to Trusted IPs and click the gear icon.

2. Turn on the Enable trusted IPs toggle.

3. Enter the start and end IP addresses of the necessary ranges.

Note: If you want to allow logins from a single IP address, enter the same address in both fields.

4. Enter your password and select Confirm.

5. Select Save.

6. Turn on the Enable MFA toggle, if it is not already enabled.

TOTP factor

1. Point to TOTP and click the gear icon.

2. Turn on the Enable sign in with TOTP toggle.

3. Click Save.

4. Enter your password and select Confirm.

5. Turn on the Enable MFA toggle, if it is not already enabled.

Once you enable both TOTP and MFA, each user will be prompted to set up TOTP with an authenticator app the next time they sign in.

To track which users have set up TOTP, navigate to Account Profile > Account Info > Users and check the Status column.