Added
MFA is now enforced for all non-SSO users
April 6th, 2026
We've enabled Multi-Factor Authentication (MFA) for all Orderful users authenticating with email and password login.
What's new
- MFA enforced for all non-SSO users – Any user authenticating with basic login (email + password) will be required to set up MFA upon their next login.
- Multiple factor options – Choose from TOTP (e.g., Google Authenticator), WebAuthn (fingerprint, Face ID, or security keys like YubiKey), Email, or Passkeys.
- 30-day "Remember this browser" – After completing MFA, users can opt to trust their current browser for 30 days, reducing repeated prompts.
- Recovery codes – During enrollment, users receive a one-time recovery code to regain access if their primary factor is unavailable.
What to expect
Upon next login, all non-SSO users will be prompted to enroll in MFA before accessing Orderful. SSO users are not affected — MFA for SSO connections is managed by your identity provider.
