Multi-Factor Authentication

SenseOn supports time-based one-time password (TOTP) multi-factor authentication (MFA). When MFA is enabled, you are required to provide a six-digit code from an authenticator app in addition to your password each time you log in.


Who Must Use MFA

  • Active Response users — MFA is mandatory for any account with the Active Response role. This requirement cannot be overridden.
  • All other users — MFA is optional unless your organisation's Admin has enforced it platform-wide.

Setting Up MFA on Your Account

You will need a TOTP-compatible authenticator app, such as Google Authenticator, Microsoft Authenticator, or Authy.

  1. Log in to SenseOn.
  2. Click your profile icon in the top-right corner.
  3. Select Security > Multi-Factor Authentication.
  4. Click Set Up Authenticator.
  5. A QR code is displayed. Open your authenticator app and scan the QR code.
  6. Your app will begin generating six-digit codes that rotate every 30 seconds.
  7. Enter the current code from your app into the Verification code field on the setup page.
  8. Click Verify and Enable.

MFA is now active on your account. Each login will require your password and a code from your authenticator app.

💡 Save your backup codes: During setup, SenseOn displays a set of one-time backup codes. Save these in a secure location. You can use a backup code to access your account if you lose access to your authenticator app.


Logging In with MFA

  1. Enter your email address and password as normal.
  2. When prompted, open your authenticator app and enter the current six-digit code.
  3. Click Verify.

⚠ Rate limiting: TOTP codes are validated with strict rate limiting (up to four attempts per second, five attempts per minute). After repeated failures, your account may be temporarily locked. Contact your Admin if you are locked out.


Step-Up Authentication

Certain high-risk actions in SenseOn require you to re-confirm your identity even within an active session. This is called step-up authentication.

When step-up authentication is triggered:

  • Accessing an Active Response session
  • Granting or revoking the Active Response permission for another user

How to complete step-up authentication:

  1. When prompted, enter your account password.
  2. If you have TOTP enabled, also enter the current code from your authenticator app.
  3. Click Confirm.

Step-up authentication is time-limited. If you take no action within the allowed window, you will be prompted again.


Managing Your Authenticator Devices

Viewing enrolled devices

  1. Go to your profile icon > Security > Multi-Factor Authentication.
  2. All enrolled TOTP devices are listed with their name and enrolment date.

Removing a device

  1. Go to your profile icon > Security > Multi-Factor Authentication.
  2. Find the device you want to remove.
  3. Click Remove.

⚠ Removing your only MFA device: If you remove your only enrolled device and MFA is mandatory for your account (for example, because you have the Active Response role), you will need to enrol a new device before you can access certain features.


Admin: Removing a User's MFA Device

If a user has lost access to their authenticator app and cannot log in, an Admin can remove their TOTP devices:

  1. Go to Settings > Team.
  2. Find the user and click the three-dot menu.
  3. Select Remove MFA Devices.
  4. Confirm the action.

The user can then log in with their password and set up a new authenticator device.