ROQ provides an additional layer of protection, which is Multi-Factor Authentication or called MFA. This security enhancement allows you to use your phone number as additional authentication.
A few steps must be taken on the ROQ Console before using the multi-factor authentication with SMS.
To utilize MFA through SMS on ROQ, you must enable SMS integration in the ROQ Console. The SMS integration can be done by going to the Integrations → SMS menu and activating the integrations.
Please note that at least one active SMS integration is required.
The next step is to enable MFA on the registration or login form in the ROQ Console.
Go to the ROQ Console (opens in a new tab), select Authentication → Design menu. Find the Form Configuration section to enable MFA. To enable MFA for each registration form variant, you should enable it individually by selecting the Two-factor Authentication flag.
This configuration will impact new users who register. To implement MFA for existing users, please follow the next steps.
To activate Multi-factor Authentication for existing users, you must turn on the ROQ Console's user MFA option. Navigate to the Users → User Details section and choose the specific users you wish to enable MFA.
Two settings require attention:
- Two-factor Authentication: Enable this option to apply MFA to the selected user.
- Phone: Enter your phone number, which will be used to send the OTP for login verification.
Users will have the Multi-factor Authentication feature once the above steps have been completed.
Next, when the existing users with MFA enabled try to log in, the user will be asked to enter a verification code. The user workflow can be described in the steps below:
ROQ will send a One-Time Password or OTP for login verification to the user phone number registered on the ROQ Console (Step 3 on MFA SMS Setup above).
You can also change the number if you have entered the wrong phone number by clicking the Change phone number.
Users with successful verification will get the recovery codes, which can be saved through manual copy-paste or downloading the recovery codes file.
The recovery codes will only be displayed once. Please ensure you keep them safe and confidential.
For a new user, MFA will be applied after successful registration. The user workflow can be shown in the steps below:
After registering successfully, new users will be prompted to provide their phone number to receive an OTP SMS as additional authentication.
At present, it is necessary to include both the phone number and its corresponding international code.
The following steps are the same for existing users. You will need to enter the OTP into the MFA form for verification.
You will receive a list of recovery codes, and you should backup by copying and pasting or downloading the recovery codes file.
Again, please ensure you keep them safe and confidential.
If the Two-Factor Authentication flag is turned off in the ROG Console authentication settings, users will not be required to verify their login, even if they have MFA enabled.