Troubleshooting: I'm asked to set up two-factor authentication - why, and what can I do?

If you're enforced to use 2FA, you'll be prompted to set up two-factor authentication:

Click on SET UP TWO-FACTOR AUTHENTICATION.
Download an Authenticator app on your smartphone.
Suitable Authenticator applications are:
- Google Authenticator (Android, iOS)
- DuoMobile (Android, iOS)
- Microsoft Authenticator (Android, iOS)
- FreeOTP (Android, iOS)
- Authy (Android, iOS)
- Authenticator
  
  If you don't have a smartphone, you can download a desktop version.

Do not delete the Authenticator app after installation. You will need it to log in to the system using 2FA.

Scan the QR code and click on NEXT.
It is important to finalise the 2FA setup: if you return to a previous page or close an active page during the 2FA setup, you’ll need to delete the previously added authentication record and set up a new one from scratch.

Enter the code from your Authenticator app and click on CONTINUE:

Important note: You may get a Wrong Code message when you enter a 2FA code.

There are several possible reasons for this:

The code you entered has expired, so you just need to enter a new one during the validity period.
You might have entered a code from an Authenticator app that hasn’t been configured to be used for ApprovalMax.
Or, you returned to a previous page / closed an active page during the 2FA setup. This makes the code generated for the QR code you scanned earlier (authentication record) invalid. If this is the case, you’ll need to delete the previously added authentication record and set up a new one from scratch.

Add an alternative 2FA option:

Click on BACKUP CODES to generate 10 codes that can be used during your login as a 2FA option:

Download or copy/paste these codes. Then activate the checkbox for "Yes, I have saved the backup codes" and click on DONE.

Please note: When entering a backup code, type it in without spaces (eight numbers in a row).

OR, click on BACKUP EMAIL to provide an alternative email address to fall back on and then on SEND ME THE CODE. This alternative email address will be used in case you lose your phone or accidentally delete the Authenticator app.
Open your mailbox and copy/paste the code:
Enter the verification code from the email and click on CONFIRM THE CODE:
When the 2FA setup has been completed, you can use the Trust this Device feature that allows you to designate a specific device as trusted during the login process. When enabled, this feature provides you with the convenience of bypassing the usual two-factor authentication (2FA) process on subsequent logins from the trusted device:

The Trust this Device feature is designed to strike a balance between user convenience and security. By allowing trusted devices, users are not burdened with repetitive 2FA steps during subsequent logins from those trusted sources. However, this feature should be used with caution and only on personal or secure devices to prevent unauthorised access to accounts.

Alternatively, you can pass the authentication flow through your SSO provider. This option does not require users to set up 2FA, even though it is supposed to be enforced.

Please also watch our how-to video on How to enable two-factor authentication for your ApprovalMax account: