Multi-Factor Authentication (MFA) — End-User Guide for CircuiTree Admins

Overview

Multi-Factor Authentication (MFA) is a security process that requires users to verify their identity using two or more forms of authentication before accessing the CircuiTree Admin application. This extra step protects your account and organization by preventing unauthorized access, even if your password is compromised.

When MFA is enabled, you’ll sign in using your password plus a verification method such as:

  • A one-time verification code sent to your registered email, valid for 10 minutes

  • A verification code generated from a mobile authenticator app (like Microsoft Authenticator or Google Authenticator)

Note: MFA applies to admin users only. It does not affect end users logging into customer-facing portals or apps.


Password Requirements

Before MFA activation, make sure your password meets these enhanced security requirements:

| Requirement | Details |
|---|---|
| Minimum Length | 12 characters |
| Complexity | At least one uppercase, one lowercase, one number, and one special character |
| Expiration | Every 90 days (password must be reset to log in) |
| Lockout | After 10 failed attempts (30-minute lockout) |
| History | Cannot reuse any of your last 5 passwords |

Most existing users will need to reset their passwords immediately upon release, since many are already beyond the 90-day expiration threshold.
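
The requirements in the table above can be read as a set of checks. The following is an added example, not CircuiTree's code: the function names, the PBKDF2 history storage, the definition of "special character", and the exact expiry and lockout boundaries are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from datetime import datetime, timedelta

# Values from the Password Requirements table above.
MIN_LENGTH, HISTORY_DEPTH, MAX_FAILED = 12, 5, 10
MAX_AGE, LOCKOUT = timedelta(days=90), timedelta(minutes=30)
# Assumption: "special" means any character that is not an ASCII letter or digit.
CLASSES = {"uppercase letter": r"[A-Z]", "lowercase letter": r"[a-z]",
           "number": r"[0-9]", "special character": r"[^A-Za-z0-9]"}

def digest(password, salt):
    # Assumption: salted PBKDF2 stands in for however password history is stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_new_password(password, history):
    """history: (salt, digest) pairs, oldest first. Returns a list of violations."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    for salt, old in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(digest(password, salt), old):
            problems.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
            break
    return problems

def login_state(now, password_set_at, failed_attempts, last_failure):
    """Return 'locked', 'reset_required' or 'ok' for a sign-in attempt at `now`."""
    # Assumption: the 30-minute lockout runs from the most recent failed attempt.
    if failed_attempts >= MAX_FAILED and now - last_failure < LOCKOUT:
        return "locked"
    # Assumption: a password is expired once it is 90 or more days old.
    if now - password_set_at >= MAX_AGE:
        return "reset_required"
    return "ok"

if __name__ == "__main__":
    # Constructed sample data, not real accounts or passwords.
    old = [f"Old-Passw0rd-{i}!" for i in range(6)]
    history = [(bytes([i]) * 16, digest(p, bytes([i]) * 16)) for i, p in enumerate(old)]
    print(check_new_password("short1!", history))
    print(check_new_password(old[3], history))
    now = datetime(2025, 1, 1, 12, 0)
    print(login_state(now, now - timedelta(days=120), 0, None))
```

A password that was used six changes ago passes the history check, because only the five most recent entries are compared.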


Inactive Account Policy

To keep accounts secure and clean up inactive logins:

  • Users inactive for 60 days receive an email warning about upcoming deactivation.

  • Users inactive for 83 days receive a final reminder about lockout in 7 days.

  • Users inactive for 90 days are automatically deactivated.


First-Time Login with MFA Enabled

When you log in after MFA is turned on for your organization:

  1. Email Verification (Initial Step)

    • You’ll first verify your identity through your registered email since your authenticator app isn’t set up yet.

    • Enter the one-time verification code sent to your inbox; it is valid for 10 minutes.

    • If verification fails, you’ll see an error message prompting you to retry.

  2. Authenticator App Setup

    • Once verified, you’ll be guided to set up a mobile authenticator app.

    • Download a supported app (Microsoft Authenticator, Google Authenticator, or Authy).

    • Scan the QR code shown on the screen, or click “Unable to scan?” to manually enter the provided setup code.

  3. Device Registration

    • The app will display an entry for “CircuiTree.”

    • Enter the one-time code generated by the authenticator app, along with a device name.

    • Click Continue to complete setup.

  4. Manage MFA Devices

    • After setup, you’ll see a screen listing your registered authenticator app(s).

    • You can add new devices or remove existing ones as needed.

    • If you are working on a personal (not shared) device, you can have MFA remember you for 30 days and not prompt for an authenticator code during that time.

    • Click Continue to Application to access CircuiTree.


Future Logins

On subsequent logins:

  • You’ll be prompted to enter a code from your authenticator app.

  • If you’ve added more than one authenticator app, you will see a radio group that lets you choose which app to authenticate with.

  • If you’ve lost access to your app or device, click “Try another way” → Email to receive a verification code in your inbox.

MFA and Single Sign-On (SSO)

If your organization uses Single Sign-On (SSO) through a trusted identity provider such as Google Workspace or Microsoft Entra ID (formerly Azure AD), your SSO configuration already handles authentication and multi-factor verification.

In these cases, CircuiTree recognizes the SSO login as the approved authentication method, and you will not be prompted for additional MFA setup or verification within CircuiTree. This approach streamlines your users’ login experience while maintaining full compliance and security — the SSO provider enforces MFA and related security policies at the identity level, and CircuiTree honors those secure sessions.

Organizations not using SSO will continue to use CircuiTree’s built-in MFA feature to meet the same compliance and security standards.


Troubleshooting & Tips

  • Lost Device: If you can’t access your authenticator app or registered email, contact CircuiTree Support at [email protected].

  • Multiple Devices: Register at least one backup authenticator app if possible.

  • Unexpected MFA Prompts: If you receive a prompt when you aren’t trying to log in, deny the request — this could indicate a suspicious attempt.

  • Stay Current: Keep your mobile number and email up to date in your account profile.

  • Multi-User Logins: CircuiTree does not recommend the use of generic or multi-user logins. Please reach out to CircuiTree Support for assistance with these types of accounts.


Regulatory Compliance & Security Standards

Multi-Factor Authentication (MFA) and PCI Compliance

Multi-Factor Authentication (MFA) is a vital part of maintaining Payment Card Industry Data Security Standard (PCI DSS) compliance. Under PCI DSS requirements, any user who accesses systems that store, process, or transmit cardholder data must use multi-factor authentication to confirm their identity.

By enabling MFA in CircuiTree, we ensure that administrative access to payment-related systems, financial reporting, and customer information adheres to current PCI DSS v4.0 standards. This added verification step strengthens protection against unauthorized access and demonstrates our shared commitment to data security and compliance.

For clients, MFA helps your organization remain compliant with industry-mandated security controls while safeguarding sensitive information. The MFA process is quick for users, but it provides a significant security benefit — adding a critical extra layer of defense for your organization and the families you serve.


Quick Summary

| Step | Action |
|---|---|
| 1 | Log in with your password |
| 2 | Verify via email (first time) |
| 3 | Set up an authenticator app |
| 4 | Use app codes for future logins |
| 5 | Manage MFA devices under your account |
| 6 | Contact support if access issues arise |


Need Help?

If you have questions or need assistance with MFA setup, please reach out to our support team.