Security Beginner

MFA Setup: TOTP Authenticator App and Backup Codes

5 min read Updated February 25, 2026
Add multi-factor authentication to your clariBI account using a TOTP authenticator app. This guide covers setup with Google Authenticator or Authy, verifying your first code, and generating backup codes for account recovery.

Overview

Multi-factor authentication (MFA) adds a second layer of security to your clariBI account. After entering your password, you also enter a time-based one-time password (TOTP) from an authenticator app on your phone. Even if someone learns your password, they cannot log in without your phone.

clariBI supports TOTP-based MFA through any compatible authenticator app. SMS-based MFA is not available.

MFA setup page

Compatible Authenticator Apps

Any TOTP-compatible authenticator app works with clariBI. Popular options include:

App Platform Notes
Google Authenticator iOS, Android Simple, widely used
Authy iOS, Android, Desktop Cloud backup, multi-device sync
Microsoft Authenticator iOS, Android Also supports push notifications
1Password iOS, Android, Desktop Built into the password manager
Bitwarden iOS, Android, Desktop Built into the password manager

If you do not have an authenticator app installed, download one before starting the setup.

Setting Up MFA

Step 1: Open Security Settings

  1. Click your profile avatar in the top-right corner.
  2. Select Settings.
  3. Click Security in the left sidebar.
  4. Find the Multi-Factor Authentication section.
  5. Click Enable MFA.

Step 2: Scan the QR Code

clariBI displays a QR code and a text-based secret key.

MFA QR code screen

Using the QR code: 1. Open your authenticator app. 2. Tap the "+" or "Add Account" button. 3. Select "Scan QR Code." 4. Point your phone's camera at the QR code on screen. 5. The app adds a new entry labeled "clariBI (your-email@example.com)."

Using the secret key (if you cannot scan): 1. In your authenticator app, choose "Enter manually" or "Enter setup key." 2. Copy the text-based secret key from the clariBI screen and paste it into the app. 3. Set the account name to "clariBI" and the type to "Time-based."

Step 3: Verify Your First Code

  1. Your authenticator app now shows a 6-digit code that changes every 30 seconds.
  2. Enter the current code in the Verification Code field on the clariBI screen.
  3. Click Verify and Enable.

If the code is accepted, MFA is now active on your account. If it is rejected, wait for the code to refresh and try the new one. Make sure your phone's clock is accurate -- TOTP codes depend on synchronized time.

Step 4: Save Your Backup Codes

After enabling MFA, clariBI generates 10 backup codes. These are single-use codes that let you log in if you lose access to your authenticator app.

Backup codes display

Important: - Each backup code can only be used once. - Store them in a secure location: a password manager, a printed sheet in a safe, or an encrypted file. - Do not store backup codes in the same place as your password. - If you run out of backup codes, you can generate a new set from Security Settings (this invalidates all remaining old codes).

Click Download Codes to save them as a text file, or Copy to Clipboard to paste them into your password manager.

Logging In with MFA

After MFA is enabled, the login flow adds one step:

  1. Enter your email and password as usual.
  2. On the MFA screen, enter the 6-digit code from your authenticator app.
  3. Click Verify.

The code changes every 30 seconds. If the current code is about to expire (the timer in your app is almost at zero), wait for the next code.

Using a Backup Code

If you do not have access to your authenticator app:

  1. On the MFA screen, click Use a backup code.
  2. Enter one of your saved backup codes.
  3. Click Verify.

The used backup code is permanently invalidated. If you are running low on backup codes, generate a new set after logging in.

Managing MFA

Regenerating Backup Codes

  1. Go to Settings > Security > Multi-Factor Authentication.
  2. Click Regenerate Backup Codes.
  3. Enter your current password to confirm.
  4. Save the new codes. All previous backup codes are invalidated.

Disabling MFA

  1. Go to Settings > Security > Multi-Factor Authentication.
  2. Click Disable MFA.
  3. Enter your current password and a valid TOTP code to confirm.

After disabling, you can re-enable MFA at any time by repeating the setup process.

Switching Authenticator Apps

If you switch phones or want to use a different authenticator app:

  1. Disable MFA on your clariBI account.
  2. Set up the new authenticator app.
  3. Re-enable MFA and scan the new QR code with the new app.

There is no way to transfer the existing TOTP secret between apps through clariBI. You must disable and re-enable.

Troubleshooting

"Invalid Code" Error

  • Make sure your phone's clock is set to automatic. TOTP codes require accurate time synchronization.
  • Wait for the next 30-second code cycle and try again.
  • If you recently changed time zones, give your phone a moment to sync.

Lost Phone

Use one of your saved backup codes to log in, then:

  1. Disable MFA from Security Settings.
  2. Set up MFA again with your new phone or replacement authenticator app.
  3. Generate new backup codes.

If you have no backup codes and no access to your authenticator app, contact your organization's Owner or Administrator. They can reset MFA for your account from the admin panel.

MFA Required by Organization

Organization Owners and Administrators can enforce MFA for all members. If MFA is required, you see a setup prompt after login and cannot access the platform until MFA is enabled.

Related Articles

View All Articles

Still Need Help?

Can't find what you're looking for? Our support team is here to help you succeed with clariBI.

Contact Support View Documentation