2.2 Multi-factor Authentication

How to enable MFA

1. First, users need to sign in at id.opswat.com/profile.


2. On the left side menu, click on “MFA” → “Setup TOTP”


3. Before activating MFA, a set of recovery codes are generated in case something goes wrong with the authentication device. The tokens should be downloaded by the user and stored in a safe place. They can later be used to recover the account without the MFA device.


4. OPSWAT MFA works with any TOTP app. The recommended app is Google Authenticator, the links to install it can be found on the page. Using the preferred app, scan the QR code on the page (or input the text codes)


5. Input the TOTP code generated by the app to finish the setup process. Now the TOTP code will be requested at every user login.


Enforced MFA usage by account administrators

OPSWAT offers organizations the option to enforce MFA setup for all their users. If MFA is enforced on a user account, the user will be redirected to the MFA page after signing in. Users cannot leave this page or access any OPSWAT product until MFA is configured


How to Sign In with MFA enabled

1. Sign in


2. Input the TOTP code generated by the two-factor authentication App


How to Use, Get and Reset my Recovery Codes

Using Recovery Codes

1. After the user signs in with the username and password, if access to the MFA device is lost, or for whatever reason, the user cannot use the MFA app, click on “Use recovery code” (highlighted in yellow in the image)


2. Input one of the recovery codes


3. Now the user is able to login and reset the MFA setup

Get and Reset Recovery Codes

The recovery codes can be found at https://id.opswat.com/profile/mfa after the MFA setup is complete. To reset the codes click on “Reset Recovery Code”