How-To Guides

Set Up MFA for Your Entire Team in clariBI

D Darek Černý
November 11, 2025 7 min read
A step-by-step guide to rolling out multi-factor authentication across your clariBI organization. Covers TOTP setup, team rollout strategy, enforcement configuration, and troubleshooting common issues.

A single compromised password can expose your entire organization's business data. Multi-factor authentication (MFA) adds a second verification step — something you have (your phone) in addition to something you know (your password) — that stops the vast majority of unauthorized access attempts. This tutorial walks through setting up MFA for every member of your clariBI organization, from the initial configuration to full team rollout.

Why MFA Matters for Business Intelligence

BI platforms contain some of the most sensitive data in your organization: revenue figures, customer information, financial projections, and competitive metrics. If an attacker gains access to a team member's clariBI account through a phished password, a credential stuffing attack, or a reused password from a breached service, they get access to all of that data.

MFA effectively neutralizes password-based attacks. Even if an attacker has the correct password, they cannot log in without the time-based code from the user's authenticator app. Industry data shows that MFA blocks over 99% of automated account compromise attempts.

How clariBI MFA Works

clariBI uses TOTP (Time-based One-Time Password) authentication, the same standard used by Google, GitHub, and most major platforms. Users set up an authenticator app on their phone, scan a QR code to link it to their clariBI account, and then enter a 6-digit code from the app each time they log in.

Supported authenticator apps:

  • Google Authenticator (iOS and Android)
  • Microsoft Authenticator
  • Authy
  • 1Password (built-in TOTP support)
  • Any app that supports the TOTP standard (RFC 6238)
clariBI MFA setup screen showing QR code for authenticator app scanning and backup codes

Phase 1: Administrator Setup

Before rolling out to the team, the organization administrator should set up MFA on their own account first.

Step 1: Enable MFA on Your Admin Account

  1. Log in to clariBI with your administrator account
  2. Navigate to Settings > Security
  3. Find the Multi-Factor Authentication section
  4. Click Enable MFA
  5. Open your authenticator app on your phone
  6. Scan the QR code displayed on screen
  7. Enter the 6-digit verification code from your authenticator app to confirm setup
  8. Save the backup codes displayed after verification — store them securely (password manager, printed and locked away). These are recovery codes in case you lose access to your authenticator app.

Step 2: Test the Login Flow

  1. Log out of clariBI
  2. Log back in with your email and password
  3. You will be prompted for a verification code
  4. Open your authenticator app, enter the current 6-digit code
  5. Verify that login succeeds

If anything goes wrong at this stage, use one of your backup codes to log in and check your MFA configuration.

Phase 2: Team Rollout

Step 3: Communicate to the Team

Before enforcing MFA, give your team advance notice and clear instructions. Send a message covering:

  • What is happening: "We are enabling multi-factor authentication on clariBI to protect our business data."
  • What they need to do: "Install an authenticator app on your phone (Google Authenticator is the simplest choice) and set up MFA on your clariBI account by [date]."
  • Why it matters: "Our BI platform contains sensitive business data. MFA prevents unauthorized access even if a password is compromised."
  • How long it takes: "Setup takes about 3 minutes. After that, login adds about 5 seconds to enter a code."
  • Where to get help: "If you run into issues, contact [admin name] or see the setup guide below."

Step 4: Individual MFA Setup

Each team member follows these steps:

  1. Install an authenticator app on their phone (if they do not already have one)
  2. Log in to clariBI
  3. Navigate to Settings > Security
  4. Click Enable MFA
  5. Scan the QR code with their authenticator app
  6. Enter the verification code to confirm
  7. Save their backup codes in a secure location
Team MFA status dashboard showing which members have MFA enabled and which still need to set it up

Phase 3: Enforcement

Step 5: Monitor Adoption

As the organization administrator, you can check MFA adoption status:

  1. Navigate to Settings > Team Management
  2. Review the MFA status column — it shows which team members have MFA enabled and which do not
  3. Follow up individually with anyone who has not set up MFA by your deadline

Step 6: Enforce MFA Organization-Wide

Once all team members have set up MFA, enforce it at the organization level so that any new members are required to set up MFA during their first login:

  1. Navigate to Settings > Security
  2. Under Organization Security Policies, toggle Require MFA for all members to on
  3. Click Save

With enforcement enabled, any user who has not set up MFA will be redirected to the MFA setup screen upon their next login. They cannot access clariBI until MFA is configured.

Handling Common Issues

User Lost Their Phone or Authenticator App

This is the most common MFA support request. Solutions:

  • If they have backup codes: They can log in using a backup code and then reconfigure MFA with their new device.
  • If they do not have backup codes: The organization administrator can temporarily disable MFA for that user from Settings > Team Management. The user then logs in with password only and immediately sets up MFA on their new device.

User's Code Is Not Working

TOTP codes are time-based. If the clock on the user's phone is significantly wrong, codes will not match. Solutions:

  • Verify the phone's time is set to "automatic" (synced with network time)
  • Try the next code that appears (each code is valid for 30 seconds, with a brief grace period)
  • If the problem persists, disable MFA for the user and have them reconfigure from scratch

New Team Members

When you invite a new team member to your clariBI organization:

  1. They create their account and set a password
  2. If MFA enforcement is enabled, they are immediately prompted to set up MFA
  3. Include authenticator app installation in your onboarding checklist so new hires are prepared
Organization security settings in clariBI showing MFA enforcement toggle, session timeout, and security policies

Best Practices

Backup Codes Are Not Optional

Every user must save their backup codes. Recommend storing them in a password manager, which most team members should already use. Alternatively, print them and store in a secure location. Without backup codes, a lost phone means a locked account.

Start With Opt-In, Then Enforce

Rolling out MFA in two phases (voluntary, then mandatory) reduces friction. Give the team 1-2 weeks to set up MFA voluntarily before enforcing it. This gives people time to install the authenticator app and learn the flow without feeling rushed.

Use MFA Alongside Strong Passwords

MFA is not a replacement for password hygiene. Encourage (or enforce) unique, strong passwords for clariBI accounts. MFA protects against stolen passwords; strong passwords reduce the attack surface in the first place.

Review RBAC Together With MFA

MFA answers the question "is this person who they claim to be?" RBAC answers "what should this person have access to?" Both are important. While you are rolling out MFA, review your role assignments to ensure each team member has appropriate permissions. See the RBAC documentation for role configuration.

MFA is one of those security measures where the cost (a few seconds per login) is trivially small compared to the protection it provides. A single data breach can cost orders of magnitude more than the inconvenience of typing a 6-digit code. Roll it out to your team, enforce it at the organization level, and check one of the most impactful security boxes off your list.

D

Darek Černý

Darek is a contributor to the clariBI blog, sharing insights on business intelligence and data analytics.

64 articles published

Related Posts

View All Posts →

Ready to Transform Your Business Intelligence?

Start using clariBI today and turn your data into actionable insights with AI-powered analytics.

Start Free Trial View Pricing