Skip to content

Multi-Factor Authentication (MFA)

Overview

Multi-Factor Authentication (MFA) adds an extra layer of security to your RunMyProcess Digital Suite account. In addition to the standard username and password login, MFA requires a verification code delivered to your email. This helps protect your account against unauthorized access even if your credentials are compromised.

When enabled, MFA applies not only to the Digital Suite web platform but also to the RunMyApp mobile application.

How It Works

Enabling MFA

  1. Navigate to the Account module in Digital Suite.
  2. Open the Account tab.
  3. Select the option Enable multi-factor authentication.

⚠️ Important: If you are using any provider that authenticates with the Login/Password method based on a RunMyProcess user’s credentials, enabling MFA will cause authentication failures.

  • To resolve this, you must create a System User and switch the authentication method to System User Token.

  • For details, see the System User documentation.

Authentication Flow

  1. Login: After logging in with your username and password, you will be redirected to the MFA page.
  2. Verification Code: A one-time code will be sent to your registered email.
  3. Code Entry: Enter the code to complete the login process.
  4. If you did not receive a code, click Resend Code.
    • After the first resend, you must wait five minutes before requesting another.

MFA with Single Sign-On (SSO)

When Single Sign-On (SSO) is configured, the type of Multi-Factor Authentication (MFA) that applies depends on how the user logs in:

  • Login with RunMyProcess credentials (username and password):
    If MFA is enabled at the account level, the native RunMyProcess MFA will apply. After entering valid credentials, the user will receive an email with a verification code and must enter it on the MFA verification page.

  • Login via an external SSO provider (e.g., Azure AD, Okta, Google Workspace):
    The MFA configured in the external identity provider will apply instead. In this case, the platform-level MFA in RunMyProcess is bypassed, as authentication and MFA are fully managed by the SSO provider.

This ensures that users always follow the appropriate MFA policy based on their authentication method.

Using MFA with Custom Login Pages

If you use a custom login page, once the user clicks the Login button, they will be redirected to the MFA verification page (as shown below) where the user must enter the verification code sent to their registered email address. For configuration details, see the Custom Login Page documentation.

2_MFA

Using MFA with External System Connections

When Multi-Factor Authentication (MFA) is enabled for an account, standard user credentials (username and password) cannot be used to authenticate HTTP calls made from external systems to RunMyProcess resources.

In these cases, authentication must be performed using a System User.

External systems should include the System User token in the request header as follows:

Authorization: Bearer: SYSTEM_USER_TOKEN

This approach allows secure, automated access to RunMyProcess APIs or resources without requiring interactive MFA validation.

MFA in RunMyApp

When MFA is enabled on your Digital Suite account, it is automatically applied in the RunMyApp mobile application as well.

MFA is available starting from the following app versions:

  • RunMyApp for Android: version 4.6.0 or higher
  • RunMyApp for iOS: version 3.22.0 or higher

MFA will be required whenever new authentication cookies need to be created.

The cookie lifetime determines how long an active session remains valid before new cookies (and therefore MFA verification) are required.

Cookie lifetime can be configured in DigitalSuite under: Account → User Session

  • The value is defined in seconds.
  • Allowed range: 600 seconds (10 minutes) to 2,592,000 seconds (30 days).

When cookies expire, users will be prompted to complete MFA again to generate new authentication cookies.

IOS

3_MFA

Android

4_MFA