Multi-Factor Authentication (MFA)
Multi-Factor Authentication adds a second layer of security to your account. After entering your password, you also enter a code from an authenticator app on your phone.
Is MFA Required?
| Account Type | MFA Requirement |
|---|---|
| Healthcare practices | Mandatory -- You cannot access the dashboard without setting up MFA |
| Trades and law firms | Optional but recommended |
Healthcare accounts require MFA for HIPAA compliance. The dashboard will redirect you to the MFA setup page on first login and will not let you proceed until MFA is configured.
Setting Up MFA
What You Need
- A smartphone with an authenticator app installed:
  - Google Authenticator (iOS / Android)
  - Authy (iOS / Android)
  - Microsoft Authenticator (iOS / Android)
  - Any TOTP-compatible authenticator app
Step-by-Step Setup
- Log into your OzyOps dashboard.
- If MFA is required, you will be redirected to the setup page automatically. Otherwise, go to Settings > Profile > Security > Enable MFA.
- You will see a QR code on screen.
- Open your authenticator app and scan the QR code.
  - In Google Authenticator: Tap the + button, then Scan a QR code.
  - In Authy: Tap Add Account, then scan the code.
- Your authenticator app will start generating 6-digit codes that change every 30 seconds.
- Enter the current 6-digit code in the verification field on screen.
- Click Verify and Enable.
Below the QR code, you will see a setup key (a long text string). You can manually enter this key into your authenticator app instead of scanning.
Save Your Recovery Key
After enabling MFA, you will be shown a recovery key. This is a one-time code that lets you access your account if you lose your phone.
Write it down or store it in a password manager. This key is shown only once. If you lose your authenticator device and do not have the recovery key, you will need your account administrator to reset your MFA.
Logging In with MFA
After MFA is enabled, the login flow is:
- Enter your email and password (or sign in with Google/Microsoft).
- You are prompted for your MFA code.
- Open your authenticator app.
- Enter the current 6-digit code.
- Click Verify.
- You are now logged in.
The code changes every 30 seconds. If the code you entered has expired, wait for the next one and try again.
What If You Lose Your Device
If your phone is lost, stolen, or replaced:
If You Have Your Recovery Key
- On the MFA verification screen, click Use Recovery Key.
- Enter your recovery key.
- You will be logged in and can set up MFA on your new device.
If You Do Not Have Your Recovery Key
You will need your account Owner (or another admin) to reset your MFA:
- Contact your account Owner.
- The Owner goes to Settings > Team.
- They find your account and click Reset MFA.
- You can now log in without MFA and set it up again on your new device.
If you are the Owner and have lost both your device and recovery key, contact support@ozyops.com for identity verification and account recovery.
Common Questions
Can I use MFA without a smartphone? Any device that runs a TOTP authenticator app will work, including tablets. Desktop authenticator apps (like Authy's desktop version) are also compatible.
Can I disable MFA? Healthcare accounts cannot disable MFA -- it is required for HIPAA compliance. Non-healthcare accounts can disable MFA in Settings > Profile > Security.
Does each team member need their own MFA? Yes. MFA is per-user. Each team member sets up MFA on their own device with their own authenticator app.
What if my code is not working? The most common cause is a time sync issue. Make sure your phone's clock is set to automatic time. If codes still fail, try waiting for the next 30-second cycle.
Can I use SMS-based MFA instead of an app? No. OzyOps uses TOTP (time-based one-time password) via authenticator apps only. SMS-based MFA is less secure and is not supported.
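The 6-digit, 30-second codes and the clock-sync advice above both follow from how TOTP codes are computed: the app and the server each derive the code from the setup key and their own clock. The sketch below is an added example, not OzyOps code; it assumes RFC 6238 defaults (HMAC-SHA1) and a server that tolerates one 30-second step of drift either way, and the setup key is the public RFC test secret, not a real one.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (from this page)
DIGITS = 6   # code length (from this page)
# Constructed sample: the RFC 4226/6238 test secret "12345678901234567890" in base32,
# typed the way a setup key is often displayed (lowercase, grouped with spaces).
SAMPLE_SETUP_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

def totp(setup_key: str, unix_time: int) -> str:
    """Code an authenticator app shows at unix_time (RFC 6238, HMAC-SHA1 assumed)."""
    b32 = setup_key.replace(" ", "").upper()
    key = base64.b32decode(b32 + "=" * (-len(b32) % 8))
    counter = int(unix_time) // STEP          # each side derives this from its own clock
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(setup_key: str, code: str, server_time: int, window: int = 1) -> bool:
    """Server-side check; window = steps of clock drift tolerated (assumed value)."""
    for drift in range(-window, window + 1):
        t = server_time + drift * STEP
        if t >= 0 and hmac.compare_digest(totp(setup_key, t), code):
            return True
    return False

def drift_report(server_time: int = 150) -> dict:
    """Does a phone whose clock is N seconds slow still produce an accepted code?"""
    return {slow: verify(SAMPLE_SETUP_KEY, totp(SAMPLE_SETUP_KEY, server_time - slow), server_time)
            for slow in (0, 30, 120)}

if __name__ == "__main__":
    for slow, ok in drift_report().items():
        print(f"phone clock {slow:>3}s slow -> {'accepted' if ok else 'rejected'}")
```

A phone that is two minutes slow produces a code for a time step the server no longer accepts, which is why setting the clock to automatic time fixes most failed codes.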