Logging in using MFA

If MFA has been enabled for your account, you will need to enter the MFA code generated by your MFA app when logging in. This is entered after you have provided your username and password (if you haven't enabled MFA, you won't be taken to this box):

Enabling MFA

RiskTree supports MFA to protect your account. This is enabled from the Account details tab on the My Account page. To access this, click on My Account in the top menu bar:

The My Account page will show details of your account:

If MFA is not active, you will see a button. Click on this to generate your MFA key:

You can enter this code into your MFA application, or, if supported, you can use a QR code. To do this, click the button. The QR code will appear to the right.

This is the only time you will be able to see your MFA code and QR code. If you don't set up your MFA app now, you will need to resynchronize (explained below).

In order to complete MFA set-up, you will need to enter the six-digit code shown on your MFA app for RiskTree and press the button. You should then see that MFA is enabled for your account:

You will receive an e-mail confirming that MFA has been set up. If you do not complete the confirmation step, MFA will not be enabled on your account and you will need to restart the process.

If the time on device with your MFA app is not properly synchronized, the MFA confirmation process will not complete, and you will receive a warning message.

Disabling and resynchronizing MFA

If you revisit the My Account page, you will see that it is enabled. There will also be two option buttons:

Clicking on the button will remove MFA from your account. You will receive an e-mail confirming that MFA has been disabled, and you will no longer need to enter an MFA code at login. You will need to delete the RiskTree MFA from your MFA app.

Clicking the button will create a new MFA key. You will need to delete the existing RiskTree MFA from your MFA app, and re-enter the MFA key or re-scan the QR code. Your existing MFA key will be deleted. If you do not complete the process of resynchronization, MFA will be disabled for your account.

If your subscription is provided by an organization, your organization administrator can disable MFA on your account in the event that you lose your authentication device or it becomes unsynchronized.