Overview
Turn on MFA, set enforcement policies, and roll it out safely.
Prerequisites
- Admin access to AccessGuard Settings
Permissions required
Steps (4)
1. Open MFA settings
Go to Settings → Security → MFA. Choose **TOTP** as the second factor.
Validation
- Policy editor shows TOTP as available.
2. Select enforcement policy
Pick **Optional**, **Required for admins**, or **Required for all**. Add a grace period if needed.
Tips
- Start with “Required for admins” for one week, then expand.
3. Notify users & verify enrollment
Send the enrollment link. Users scan the QR code and enter a 6-digit code.
Success criteria
- ≥ 95% of targeted users have MFA active before grace ends.
4. Enforce and monitor
Switch the policy to “Required” and monitor MFA events under Security → Events.
About this guide
AccessGuard secures apps and external sites with hosted authentication and short-lived JWTs. Enable MFA, define RBAC permissions, and connect enterprise identity via SAML or OIDC. A lightweight HMAC bridge lets you embed login, registration, and token refresh flows on any domain without CORS pain.
Admins manage users, sessions, connections, and policies from one console. Profiles consolidate verified emails/phones, consents, KYC docs, and risk flags. Events and metrics provide visibility for security and ops.
Designed for velocity and safety: opinionated defaults, least-privilege keys, Prometheus counters, and exportable audit logs.