| Question | Answer |
| What happens if I just don't enable 2FA? | If it's Soft Enforcement, you'll see a pop-up prompting you to set up 2FA with every page refresh. However, you can skip it until the next refresh.
If it’s Hard Enforcement, you'll be redirected to the Hard Enforcement page after passing the authentication flow.
As in this case 2FA is mandatory, you won't be able to skip it and will be redirected persistently to the Hard Enforcement page until 2FA has been enabled. |
| Can I use SSO only? | Yes, you can. If you choose to use Single Sign-On (SSO), you won't be prompted to set up 2FA, irrespective of whether or not it is mandatory. Also, if you have enabled 2FA and use SSO, you can skip entering a 2FA code. |
| Is it possible to get a phone call with a code, instead of setting up 2FA? | No, this is not possible as we do not support this option. |
| Why is 2FA disabled in my profile? | If the Two-Factor Authentication button is disabled, it's probably because you never set a password. 2FA does require having a password in place. |
| Why do I get a Wrong Code message when I enter my 2FA code? | There are several reasons for this:
- The code you entered has expired.
- You might have entered a code from an
authenticator that hasn’t been
configured to be used for ApprovalMax.
- Or, you did set it up for ApprovalMax
but have turned 2FA off and then on again – if so,
you’ll need to set up a fresh
authentication record as the previous one won’t work.
- Or, you returned to a previous page during 2FA setup, which makes the code
generated for the QR code that you had scanned earlier (authentication record)
invalid – if so, you’ll need to delete the previously
added authentication record and set up a new one from scratch.
|
| What is 2FA Enforcement? | The feature 2FA Enforcement ensures that users do set up 2FA (Two-Factor Authentication). In case of Xero-connected Organisations, 2FA is mandatory for all users due to Xero requirements. However, for other Organisations, 2FA is optional. |
| Do all Organisations need to have 2FA enabled? | No, you only need to activate 2FA for Xero-connected Organisations because of Xero requirements. For other Organisations, 2FA is optional. |
| Is 2FA required for all users, or just Admins? | It is a requirement for all users. |
| While attempting to set up 2FA, and having scanned the QR code, the Next button is not working/I don't see the Next button. | There are several possible reasons for this: a network issue, a system glitch, an incompatible browser, an outdated UI version (if you haven't refreshed the page for a long time), or the resolution of your screen. If none of these reasons seem to apply, please contact the support team for assistance.
|
| How does the 2FA setup work in the mobile app? | Setting up 2FA is available in a web browser and in the mobile app. |
| Do I need to enter a code each time I close the app? | No, you won't have to enter a code then because closing the app does not log you out from your account. As long as you remain logged in, you can close and reopen the app without entering a 2FA code.
|
| Should I use Pin/Face ID plus 2FA? | If you have enabled both Pin/Face ID and 2FA, you'll have to use both for authentication. 2FA is mandatory only for Xero users as per Xero restrictions, while Pin/Face ID is mandatory for all users. |
| Can I set up 2FA on a mobile phone? | Yes, you can enable 2FA on your smartphone. |
| What alternative method do you offer? | You can pass the authentication flow through your SSO provider. This option does not require users to set up 2FA, even though it is supposed to be enforced. Also, you can use "Trust this device" feature. |
| Which Authenticator can I use, or do you suggest? | There are several authenticator applications you can use, such as: Google Authenticator (Android, iOS), Duo Mobile (Android, iOS), Microsoft Authenticator (Android, iOS), FreeOTP (Android, iOS), Authy (Android, iOS), Authenticator or Windows Authenticator. These applications provide a secure and convenient way to generate 2FA codes for your accounts. |
| What can I use as an alternative option if my personal email is not allowed, or I don't have another email address? | As an alternative option for Two-Factor Authentication (2FA), ApprovalMax provides the ability to generate backup codes. These backup codes serve as a reliable and secure method to access your account in case you cannot use the primary 2FA method, such as when you don't have access to your mobile device or the authenticator application. 10 codes are generated at once. Each backup code generated can only be used once. Once a backup code is utilized for authentication, it becomes invalid and cannot be used again. |
| What if a user has no smartphone, how can they receive codes? | If a user doesn't have a smartphone, they can use the desktop version of an authenticator application, such as: Authenticator or Windows Authenticator. By using the desktop version of one of these applications, users can generate the required codes for authentication. |
| Can I receive a code via landline? | No, we currently don't support an option to receive authentication codes via landline. The available methods for receiving codes are: on a smartphone, via the desktop version of an authenticator application, or by email to an alternative address. |