Signing into Your Yotpo Account Using Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is a crucial defense mechanism in today’s world of cyber security. It enhances security by requiring users to provide multiple forms of verification to access accounts, beyond just passwords. This added layer of protection significantly reduces the risk of unauthorized access, even in the event of compromised credentials.

By implementing MFA, you will boost your defenses against cyber threats and safeguard critical operations from potential disruptions caused by security breaches.

In this article, you’ll learn how to set up Yotpo’s multi-factor authentication process.

How it works

Yotpo uses Auth0 as the security provider to manage user logins and enhance our security protocols to address these challenges.

The MFA process is adaptive, meaning that MFA will not be required for every login. If the login appears to be high-risk, users will be required to use an additional factor. To learn what is considered high-risk, see Auth0 docs.

Once enabled by the account admin, the MFA policy will be enforced on all organization users.

New user additions will automatically inherit the MFA configuration from their organization's settings.

Please note:

If you’re using Single Sign-On (SSO) to access your account, there's no need to set up MFA. You can choose whichever method fits your needs better. To learn more about SSO, see Setting up Single Sign-On.

Authentication methods

The authentication methods include:

• Authentication apps: The user is required to provide a one-time password using Google Authenticator or a similar app.

• WebAuthn using FIDO device biometrics: The user is authenticated via the WebAuthn-compliant device biometrics (fingerprint recognition) on their device.

Setting up MFA

Please note:

The setup process can be done only by the account admin.

To set up MFA for all users on your Yotpo account:

1. In your Yotpo main menu, click the Profile icon in the top right corner and go to Account Settings > Teammates.

2. Turn on the Enable MFA toggle.

Unlocking a user

To re-enable access to a user who has been locked out of their account, see Adding Teammates.

Resetting Multi-Factor Authentication (MFA)

The admin can reset a user’s MFA setup directly from the Teammates page in your Yotpo account. This will prompt the user to reconfigure their MFA details the next time they log in.

To reset MFA for a user:

1. In your Yotpo main menu, click the Profile icon in the top right corner and go to Account Settings > Teammates.

2. Locate the user whose MFA needs to be reset.

3. Click the three dots icon (⋮) next to the user’s name and select Reset MFA.

The user will now be required to set up their MFA details again during their next login attempt.

Troubleshooting

If you're having trouble receiving the MFA email verification code from Yotpo and cannot log in, follow these steps:

1. Verify the Correct Email Address
   Ensure you are checking the email inbox listed as your user email. The MFA code is sent to this specific email address.

2. Check Your Spam and Junk Folders
   Sometimes, the MFA email may be mistakenly filtered as spam. Be sure to check your spam or junk folders for an email from Yotpo.

3. Whitelist Yotpo's Email Address
   Add no-reply@yotpo.com to your email settings or filters to ensure future MFA emails are delivered directly to your inbox.