Pipefy takes the safety of its users' information very seriously. That's why we offer a feature that enables users to enhance the security of their account information.
If a simple password doesn't seem safe enough, enabling an additional independent authentication layer provides extra security to prevent your information from falling into the wrong hands.
What is multi-factor authentication?
Multi-factor authentication (MFA) is a method of confirming each user's identity using a combination of at least two different methods.
Pipefy currently supports several mobile phone apps to confirm your authentication independently beyond your username and password/sign-on token. To authenticate using MFA on Pipefy you'll use your personal password (secret) plus a one-time-valid, dynamic passcode. The code will be generated and sent to your mobile device via any of the supported authenticator apps below:
What type of multi-factor authentication do Pipefy offer?
Pipefy currently offers standard time-based OTP system. While there are several mobile apps to consume it and that's the recommended approach, it is compatible with keychain OTP generators or even Chrome extensions such as Authy.
How to activate multi-factor authentication
From the User settings screen, you should be able to activate MFA for your account and retrieve your recovery codes. To do so:
Access your user settings: Click on your profile picture in the upper right corner of the screen, then select 'user settings'.
Enable MFA: Inside your user settings, roll the screen down until you find the MFA authentication section. Click the button that says "Enable multi-factor authentication":
Be sure to store your recovery codes securely, for instance by using Print to generate a paper copy or a PDF to save them at a safe location. If you do not have these recovery codes, losing access to the app where you set up Pipefy for MFA will cause you to lose access to Pipefy as well!
Once this is done, logout. The multi-factor authentication activation is only finished after you log in again.
You will be required to setup using one of the authenticator apps mentioned above once you login again. Choose, download and open the app and scan the QRCode on your screen. The app will provide a 6 digit code you'll type on the screen to connect Pipefy to it. Enter the code and click on the green button.
How to retrieve my account if I lost my device
If you're unable to login because you lost your device, use one of the exclusive recovery codes you generated and stored when you first activated MFA.
You should access the login page: https://app.pipefy.com/login then click on the 'Can't log in?' link between the password input box and the Log in button.
On the next screen, select the option 'Recover two-factor authentication code'. Submit the e-mail associated with your Pipefy account.
You should then receive an e-mail requesting you to access the following screen to enter one of your valid recovery codes. You should also decide:
If you want to keep using MFA and only reset the current authentication app (you'll need to have your mobile device with you to complete the setup). If so leave the "Continue using MFA" checkbox checked,
If you want to disable MFA from your account entirely (you can always reactivate it later on in your User settings), uncheck that checkbox.
After this, you should be able to login to your account as usual. You will want to make a note that the individual recovery code you used will no longer function and/or consider generating all-new recovery codes (see how below).
How to deactivate multi-factor authentication
Disabling MFA is really easy. First access your user settings by clicking in your profile picture in the upper right corner of the screen, then on 'user settings'.
Roll the user settings screen down until you find the multi-factor authentication button and click on "Disable multi-factor authentication":
If you don't have the recovery codes with you or if you have lost them, please ask our support team for help via in-app chat or writing to [email protected] We will never ask for your password or share your credentials during this process.