
Multi-Factor Authentication (MFA) for Customer and Vendor Portals
Multi-Factor Authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to an account, system, or application. This adds a layer of protection beyond a username and password and reduces the risk of unauthorized access, even if one factor, such as a password, is compromised.
Zoho Books allows you to enable Multi-Factor Authentication (MFA) for the Customer and Vendor Portals to enhance account security and protect them from unauthorized access. Your customers and vendors can configure MFA by scanning a QR code using an authenticator app, such as OneAuth or Google Authenticator. After configuration, they can use the Time-based One-Time Password (TOTP) received in their authenticator app to log in to their portal.
Note: Once you enable MFA in the Customer Portal, it is applied to all your customers and vendors, because the Portal Name and URL are the same for both the customer and vendor portals.
Enable MFA in Customer Portal Preferences
To enable MFA in the Customer Portal Preferences page:
- Go to Settings.
- Select Customer Portal under Preferences.
- Check the Enable multi-factor authentication (MFA) option.
- Click Save.
MFA will be enabled for both customer and vendor portals.
How Customers and Vendors Can Configure MFA
Prerequisite: Download an authenticator app (such as OneAuth or Google Authenticator) from the Google Play Store or the App Store.
Once you enable MFA for the customer and vendor portals, your customers and vendors can use an authenticator app (such as OneAuth or Google Authenticator) to configure it themselves.
To configure MFA, they should:
- Navigate to the customer or vendor portal Login page.
- Enter their credentials.
- Click Configure in the Enable MFA for their account page.
- Scan the QR code using their authenticator app.
Insight: They can also manually enter the authentication code received in their authenticator app.
- Click Next once they get the OTP on the authenticator app.
- Enter the OTP from the authenticator app.
- Click Verify.
- Click Enable MFA.
Now, your customers and vendors can log in to their portal using the TOTP received in their authenticator app.
Reset MFA for Customers and Vendors
If a customer or vendor loses access to their authenticator app and does not have backup codes, you can reset MFA for them. Here’s how:
- Go to Sales on the left sidebar and select Customers, or go to Purchases on the left sidebar and select Vendors.
- Select the required customer or vendor.
- Click the Gear icon next to their email address in the customer’s or vendor’s Details page, and select Reset Portal MFA from the dropdown.
MFA will be reset for the respective customer or vendor, and they will have to configure it again to log in to their portal.
Disable MFA in Customer Portal Preferences
Note: If a customer or vendor has already configured MFA, they must use TOTP to log into their portal, even after MFA is disabled. To disable MFA for these customers or vendors, you can reset it.
To disable MFA in the Customer Portal Preferences page:
- Go to Settings.
- Select Customer Portal under Preferences.
- Uncheck the Enable multi-factor authentication (MFA) option.
- Click Save.
MFA will be disabled in the Customer Portal Preferences page for both customer and vendor portals.