Multi-Factor Authentication (MFA), also known as Two-Factor Authentication (2FA) or Two-Step Verification, enhances security by requiring multiple forms of verification to access Brand Toolbox.
By default, MFA is disabled but can be activated upon request and integrated with your site.
As a frontend user accessing the site, two steps are required to successfully complete Multi-Factor Authentication:
- Step 1: Register an MFA Authenticator (initial setup)
- Step 2: MFA login verification (ongoing)
Having trouble with Multi-Factor Authentication?
- Access MFA troubleshooting help below
Logging in via MFA requires the user to first register an MFA Authenticator, such as the Microsoft Authenticator or Google Authenticator apps.
These apps are available to download and install on your mobile device, from the App Store or Google Play.
Once the app is installed on your device, you can proceed to register^ it with Brand Toobox.
^ Note that you only need to register with an Authenticator app once. Once registered, each subsequent login requires verification of the one-time password code only (see ‘Step 2’ below).
To register an MFA Authenticator:
- Log in to the Brand Toolbox frontend with your username and password.
- On successful username/password submission, the following screen appears:
Multi-Factor Authentication Registration
To proceed, you are required to register an MFA Authenticator to secure your account. On your mobile device, download and install the Google Authenticator or Microsoft Authenticator app from the App Store or Google Play, and scan the QR Code below:
- Open your pre-installed Authenticator app, and (1) scan the Brand Toolbox QR Code with the app’s code scanner. E.g.
Microsoft Authenticator app screen
Google Authenticator app screen
- An MFA account is automatically created for you and linked to your Brand Toolbox email account.
- Select the Brand Toolbox account to reveal the ‘One-time password code’.
- (2) Copy the ‘One-time password code’ and enter it into the Brand Toolbox field, where requested. DO NOT enter any spaces that appear in the code.
Well done — you’ve successfully registered and logged in with MFA.
Each subsequent login to Brand Toolbox requires you to verify the ‘one-time password code’ displayed in your Microsoft Authenticator or Google Authenticator app.
After successfully entering your username and password on the Brand Toolbox login screen, the following screen will appear:
Multi-Factor Authentication
To proceed, enter the ‘one-time password code’ displayed on your authenticator device (Google Authenticator or Microsoft Authenticator):
To retrieve the code, open the Authenticator app on your mobile device, and:
- (1) Select the Brand Toolbox account to reveal the ‘One-time password code’...
Microsoft Authenticator app screen
Google Authenticator app screen
- (2) Copy and enter the ‘One-time password code’ into the Brand Toolbox field, where requested. DO NOT enter any spaces that appear in the code.
You’ve now successfully verified and logged in with MFA.
Having trouble with Multi-Factor Authentication?
This section covers common problems users experience when setting up or using MFA, along with step-by-step solutions to help you get back on track quickly.
Common MFA Issues:
1. Lost or Unavailable Device
Issue: You no longer have access to the device used for MFA.
Steps to resolve (member):
- Use a backup method (e.g. secondary device).
- Contact your IT/help desk or account administrator to verify your identity and reset MFA.
- Once your administrator has reset MFA, re-register MFA on the new device.
Steps to resolve (administrator):
- To reset a member’s MFA account, access their member profile in the ‘Members’ section, and click the ‘Reset MFA’ button...
2. Authenticator App Problems
Issue: The app is not working, missing, or generating invalid codes.
Steps to resolve (member):
- Ensure the app is installed and up to date (Google Authenticator or Microsoft Authenticator).
- Confirm the correct account is selected.
- Try restarting your device.
- Re-sync the app’s time settings (see #3 below).
- If the app is deleted or reset, contact your IT/help desk or account administrator to verify your identity and reset MFA.
- Once your administrator has reset MFA, re-register MFA on the reinstalled app.
Steps to resolve (administrator):
- To reset a member’s MFA account, see #1 ‘Steps to resolve (administrator)’ above:
3. Time Sync Issues
Issue: Codes from the authenticator app are not accepted.
Steps to resolve (member):
- Ensure your device’s date/time is set to automatic or synced with the network.
- Reattempt login after syncing time.
4. Multiple Accounts or Devices Confusion
Issue: You have multiple accounts in one authenticator app or are using a different device.
Steps to resolve (member):
- Check you’re selecting the correct MFA account in your authenticator app.
- Delete any duplicate accounts.
- Verify that the MFA code matches the account you’re logging into.
- Label your MFA entries clearly during setup (e.g. “CustomerName Brand Toolbox”).
5. MFA Locked Out or Too Many Attempts
Issue: Multiple failed attempts triggered a temporary lockout.
Steps to resolve (member):
- Wait for the lockout period to expire (usually 5–30 minutes).
- Ensure you’re entering the correct, current code.
- If you’re unsure or continue to be locked out, contact your IT/help desk or account administrator to verify your identity and reset MFA.
- Once your administrator has reset MFA, delete the account on the authenticator app, and re-register MFA.
Steps to resolve (administrator):
- To reset a member’s MFA account, see #1 ‘Steps to resolve (administrator)’ above:
Developer notes only
MFA is currently only available for frontend ‘member’ access.
To enable, key="mfa:enabled" must be set to "true" in the web.config :
<add key="mfa:enabled" value="true" />
The key="mfa:organisation" value is the name that will appear on the MFA Authenticator app. A customer name MUST be added to differentiate MFA accounts:
<add key="mfa:organisation" value="CustomerName Brand Toolbox" />
MFA help tooltip
An MFA help icon can be placed next to the MFA apparatus on the login page (with help text and links to the User Guide).
Tooltip settings and text can be configured here:
Content [section] > Settings [node] > Membership [tab]:
- Reveal MFA Tooltip [property]: Toggle ‘ON’ to reveal the help tooltip icon.
- MFA Tooltip [property]: Rich text editor to customise the help text.
A note about MFA and member registration
When new members first register, there are two MFA pathways for non-SSO accounts:
- External Suppliers usually go through an approval process. After approval from the Access Administrator, and on first login, the MFA registration process is initiated.
- Employees DO NOT usually go through an approval process, as only email validation is required. Therefore, after verification the member is logged straight in, and the MFA process isn’t initiated. However, when logging out and back in again (and on every subsequent login), the MFA apparatus is activated.
Next page: Agree to terms and conditions
Back to top