Multi-factor authentication (MFA) adds a second step to your sign-in so a stolen email inbox alone can't access your firm's data. Nagaris supports passkeys, authenticator apps and SMS codes, with single-use backup codes as a safety net.
If your firm requires MFA, you'll see the Secure Your Account screen (Add an extra step to protect your sign-in.) straight after signing in, and you can't enter the workspace until you've enrolled a method. Your only other option on this screen is Sign out.
You can also enable MFA voluntarily at any time from your Security page.
Passkey — Use your face, fingerprint or device PIN. No codes needed. This is marked Recommended and only appears on browsers that support passkeys. Passkeys are phishing-resistant.
Authenticator App — Get a 6-digit code from an app each time you sign in.
Text Message (SMS) — Get a 6-digit code sent to your mobile each time you sign in.
Choose Passkey. On the Set Up a Passkey screen, give it a Passkey Name (e.g. MacBook Pro, iPhone) so you can identify it later.
Click Register Passkey and approve your device's prompt (Touch ID, Face ID, Windows Hello or a security key).
If you dismiss the prompt you'll see Passkey registration was cancelled or timed out. — just try again.
Choose Authenticator App. On Set Up Authenticator App, scan the QR code with your authenticator app (e.g. Google Authenticator, Authy, 1Password). Can't scan? Enter the key shown below the QR code manually.
Click I've scanned the code — Next.
On Verify Authenticator, enter the 6-digit code from your app and click Verify & Enable. A wrong code shows Invalid code. Please try again.
Choose Text Message (SMS). On Set Up Text Message Codes, enter the Mobile Number that should receive your sign-in codes and click Send Verification Code.
On Verify Your Mobile, enter the 6-digit code texted to you and click Verify & Enable. Use Resend code if it doesn't arrive, or Use a different number to start over.
After enabling an authenticator app (or SMS as your first method), Nagaris shows Save Your Backup Codes. Each code can only be used once, and they're your way in if you lose your phone or passkey. Use Copy or Download (saved as a text file), store them somewhere safe — ideally a password manager — then click I've saved my codes — Continue. When you're done you'll see You're all set! and can click Continue to Nagaris.
Once MFA is enabled, after your usual sign-in Nagaris shows a verification step:
Two-Factor Authentication — Open your authenticator app and enter the verification code., then Verify.
Verify with Passkey — click Use Passkey and approve the device prompt.
Text Message Verification — click Text me a code, then enter the 6-digit code and click Verify. Resend code becomes available after a 30-second countdown.
Backup Code — Enter one of your single-use backup codes. and Verify.
Links at the bottom of each screen let you switch between whichever methods you have enrolled — Use a passkey instead, Text me a code instead, Use an authenticator app instead or Use a backup code instead — or choose Cancel and sign in again to start over.
Invalid verification code — authenticator codes rotate every 30 seconds; wait for a fresh one and check your phone's clock is set automatically.
Invalid backup code — each backup code works exactly once. Try another from your saved list.
Too many attempts triggers Too many requests. Please try again in … — wait before retrying.
Lost every method (phone, passkey and backup codes)? Contact support so the team can reset MFA on your account, then re-enrol.