Skip to main content

Multi-Factor Authentication

This guide explains how to enroll, use, and recover Multi-Factor Authentication (MFA) for TextCortex accounts. It is intended for users and support staff who need a practical, step-by-step reference.

Context

  • TextCortex supports both SSO-based logins (for example, Microsoft or Google) and email/password logins.
  • MFA is an additional authentication step required after initial login, regardless of the authentication method used.
  • For SSO users: After completing SSO authentication with your Identity Provider (IdP), you will be prompted to complete an additional MFA challenge within TextCortex if MFA is enabled or enforced.
  • For email/password users: MFA is managed in the TextCortex account security settings. After entering your credentials, you will be prompted to complete the MFA challenge.
  • If you do not see MFA controls in your account settings, contact your organization admin.

Procedure

1) Enroll MFA (first-time setup)

  1. Sign in to your TextCortex account.
  2. Go to Account settings -> Security -> Multi-Factor Authentication.
  3. Choose an available MFA method and follow the on-screen enrollment steps.
  4. Generate backup codes and store them in a secure password manager.

Notes:

  • If your organization enforces MFA, you may be prompted to enroll automatically during sign-in after the grace period.
  • SSO users will enroll MFA within TextCortex, not within the IdP.

2) Sign in with MFA

  1. Enter your username and password or complete SSO sign-in with your Identity Provider.
  2. After initial authentication is complete, you will be prompted to complete the MFA challenge using your enrolled method.
  3. If prompted to trust a device, only do so on personal, secured devices.

3) Manage MFA devices and backup codes

  1. Open Account settings -> Security -> Multi-Factor Authentication.
  2. Add a new device or method before removing an existing one.
  3. Regenerate backup codes after any device change or suspected exposure.

4) Recovery if MFA device is lost

  1. Use backup codes if available.
  2. If backup codes are unavailable, contact your organization admin or TextCortex support for identity verification and reset.
  3. After recovery, re-enroll a new MFA method immediately.

5) Enforce MFA at tenant level (admin only)

  1. Sign in to TextCortex with tenant admin credentials.
  2. Go to Tenant Settings -> Authentication & Access  -> Multi-Factor Authentication.
  3. Enable the toggle for "Require MFA for all users".
  4. Configure the enforcement policy:
    • Choose whether to enforce immediately or allow a grace period for enrollment.
    • Select which MFA methods are acceptable (authenticator apps, SMS, hardware keys, etc.).
    • Optionally exclude specific user roles or service accounts if needed.
  5. Click Save Authentication Settings.

Notes:

  • Enforcing MFA organization-wide significantly improves security posture by preventing weak password-only authentication.
  • Users will be prompted to enroll MFA on their next sign-in if enforcement is enabled.
  • Admins should provide enrollment support and backup code storage guidance to reduce lockout incidents.

Validation

  • Confirm you can sign in and complete an MFA challenge without errors.
  • If you recently changed devices, verify the new device is listed in MFA settings.
  • (For admins) Verify the MFA enforcement policy is active in Tenant Settings and confirm users are completing MFA.

Security Recommendations

  • Do not share MFA codes or approve prompts you did not initiate.
  • Keep backup codes in a secure password manager.
  • Add at least two MFA methods when possible to avoid lockouts.
  • (For admins) Enforce MFA organization-wide as a foundational security control.
  • (For admins) Regularly audit MFA enrollment status and address gaps in coverage.
Was this article helpful?