==Time-Based One-Time Password (TOTP) Implementation==
===Enforce TOTP Multi-Factor Authentication for Particular Roles===
:# In your SmartSimple instance (logged in as Global Admin) in the , go to'''Configuration MenuIcon''' (9-Square Grid Icon), select > '''Global Settings'''.<br /> [[File:GlobalSettings5.png|thumb|none|800px]]:# Select Go to the '''Security''' Tab from the Global Settings.:# Click tab > '''Password and Activation Policies> '''.:# Under “Authentication Options”, toggle on '''Enable Multi-Factor Authentication (MFA)'''.:# In the setting '''Roles with Time-Based One-Time Password (TOTP),''' include the roles that you will be adding 2want to enable multi-Factor Authentication factor authentication for. Note that the existing users in these roles must first scan the QR Code on their mobile device before this setting should be toggled on.:# Toggle on '''Enable Trusted Device''' if you would like users to be able to bypass entering a code for a time period after the code has been successfully entered. If enabled, also enter the time period that until the 2-Factor Authentication will be bypassed for trusted usersauthentication bypass expires.
:# Scroll to the bottom of the page and click '''Save'''.
:# To test your MFA, log out of your account, and then log back in. You should now see a page following login called “Set Up Multi-Factor Authentication.” Follow the instructions in the following section to set up TOTP Multi-Factor Authentication. <br /> [[File:MFASetupTOTP.png|thumb|none|800px|TOTP Setup Page.]]
===Logging in the First Time with TOTP===
When logging into the system for the first time after TOTP has been activated on the user's role, the user must first follow these steps:
:# For existing users: from the login page, enter your email and password as usual to log in. For new users: use the Activation Link to set a passwordIf user has TOTP enabled on their account, and submit.:# You they will then be presented with the following screenthe next time they log in: <br /> [[File:MFASetupTOTP.png|thumb|none|800px|TOTP Setup Page.]]:# Follow the instructions listed on the screen, starting . Start by installing an authenticator app on your mobile device. :# On your mobile device, open the authenticator app and select “Add the option to add a new device” device or similarscan a QR code. Then select “Scan QR Code” or similarEach app will have different actions. <br /> [[File:ScanQR.jpg|thumb|none|800px]]:# The app may prompt you for a QR code or a setup key. Back on your SmartSimple login page, click the button labeled Clicking the button "'''Show TOTP Key and QR Code" reveals '''. This will reveal the QR and secret code key used with an authentication app. <br /> [[File:QRandSecretCodeScreen.png|thumb|none|800px|QR and Secret Code Screen.]]:# After scanning Use the mobile app to scan the QR Code code or entering manually enter the secret key into the '''TOTP Secret Key''' in your Authenticator app. Once complete, a new device should will be added to your list. Alternatively, you could also use in the '''TOTP Secret Key''' as opposed to the '''TOTP QR Code'''app. :# Next, enter The mobile app will generate a time-based verification code. Enter this code into the TOTP field labelled '''Verification Enter Verification Code''' in on the modal windowsetup page. :# Press Click '''Submit. ''' when done.
===If the Mobile Device Associated with TOTP is Misplaced===