Login
        Contents x
        Configure Multi-Factor Authentication (MFA)
        • 25 Jul 2025
        • 3 Minutes to read
        • PDF
        Contents

        Configure Multi-Factor Authentication (MFA)

        • Updated on 25 Jul 2025
        • 3 Minutes to read
        • PDF
        Article summary

        Multi-factor authentication (MFA) adds a critical layer of security to your Red Canary account. When enabled, users are required to provide a time-based one-time password (TOTP) from a separate device after entering a username and password. By default, MFA codes are sent to users via SMS text message, but we recommend using an authenticator app for the highest level of security.

        Red Canary supports the following standards-compliant MFA applications:

        • Google Authenticator

        • Duo Mobile

        • Microsoft Authenticator

        • Authy

        Enable MFA

        Follow these steps to enable MFA with a supported authentication app on your mobile device.  

        1. Click your user profile icon In the top-right corner of Red Canary, then click View Profile.

        2. Scroll down to the Two Factor Authentication section and check the Required box.

        3. Verify your current password and click Save.

        4. The page will refresh. Return to the Two Factor Authentication section and click the link to show setup instructions.

        5. Open your mobile MFA app and scan the QR code displayed on the screen.

        6. Enter the verification code generated by the app and click Verify.

        Note: If you are not prompted for an MFA code on your next login, clear your browser's cache.

        Reset Your MFA Device

        If you have a new phone or need to reconfigure your MFA application, you can reset your MFA settings.

        • If you can still log in: Follow the steps above to enable MFA with your new device.

        • If you can’t log in (and SSO is disabled): You can regain access by resetting your password:

          1. On the Red Canary login page, click Forgot?.

          2. Enter your email address and click Send me reset instructions.

          3. Follow the instructions in the password reset email.

          4. Once you have logged in, follow the initial setup instructions to configure MFA on your new device.

        • If you can’t log in (and SSO is enabled): An admin-level user must disable SSO and MFA for you. See Disable Multi-Factor Authentication (MFA).

        FAQs

        Can I authenticate with SMS text messages instead?

        Yes, by default, multi-factor authentication (MFA) codes can be sent to users via SMS text message. This allows you to receive a code on your registered mobile device to complete your login to Red Canary.

        However, for enhanced security, organizations have the option to protect their users from vulnerabilities such as SIM swapping attacks. This is achieved by disabling the use of SMS-delivered codes and mandating the use of app-delivered codes from a supported authenticator application.

        Note

        If your organization disables SMS-delivered codes, any user who has not yet configured an authenticator app will be unable to access their account. In such cases, these users will need to contact their administrator to be re-enrolled in MFA.

        What if I still can’t log in after resetting my password?

        If a user is unable to log in, even after a password reset, an administrator can temporarily disable the MFA requirement for that user's account. See Disable Multi-Factor Authentication (MFA).

        What if I didn't receive an SMS MFA code?

        Red Canary uses a highly reliable service provider to deliver SMS codes through carriers around the world. Almost all cases of messages not being delivered are the result of a carrier blocking certain messages. Check your phone or carrier's “unknown SMS” or “spam SMS” blocking settings.

        What if my app MFA code is not accepted?

        This is most often because the system time on your browser or mobile device is out of sync. Ensure your device has its system time set to “automatically update.” If you continue to have issues, restart your device.

        You can view how many seconds your system clock is off by visiting www.time.gov and reviewing “Your clock is off by.”

        What if I requested an SMS MFA code but received a “Page not found” or “Code could not be sent” error?

        Some combinations of browsers and ad-blocking extensions can cause certain HTTP POST requests to fail.

        If you click “Send an SMS code to” and receive a “Page Not Found” or “Code could not be sent” error, disable browser extensions and ensure you’re using a supported browser.

        What if I have a new device?

        Was this article helpful?
        What's Next
        Change password!
        Changing your password will log you out immediately. Use the new password to log back in.
        Change profile
        Success!
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.
        Logout