Setting up multi-factor authentication

Setting up multi-factor authentication

Multi-Factor Authentication (MFA) is an extra layer of security you can add to your portal account.

Attention
If your portal administrator connects your firm to Xero Practice Manager (XPM) to sync clients via the  Xero Sync feature, you are required to enable multi-factor authentication.
Important info
Enabling MFA requires an MFA mobile app, such as Authy or Google Authenticator . We recommend you install the app before getting started.

To start, navigate to Main menu > My Profile . The MFA section is at the bottom left of the page. MFA is  disabled by default on your first log in. 

Enabling MFA

  1. Click the Configure Multi-Factor Authentication  button. A page with instructions will appear.
  2. Open your chosen  MFA app on your phone and scan the QR code on the portal instructions page. Alternatively, you can insert your  email address and type the 16 character code into your MFA  app.
  3. When you can see The Gap Portal and six-digit code in your app, click Next on the portal instruction screen. 
  4. Type the six-digit code in the Authentication Code  input field. The button below will be enabled when you finish.
  5. Click the Complete Multi-Factor Authentication Setup button.
The MFA status will now appear as enabled in your User Settings .
Note
The codes provided by MFA apps change every 30 seconds. Ensure you enter a valid code before it changes!

Disabling MFA

Portal Administrators can remove the MFA requirement on behalf of any user by:
  1. Navigating to Main menu > > Manage Users.
  2. Clicking on the for the appropriate user.
  3. Clicking OK on the popover prompt.
All users can disable MFA when logging into the portal by following these steps:
  1. On the login page, enter your email and password.
  2. On the 'Enter MFA code' page, click 'Lost your code generator? Click here' below the Login button. The email address entered in step 1 will be sent an email to disable MFA.
  3. Open the email and click on the hyperlink provided. Please note: this link has a two-hour expiry.
  4. The MFA will now be disabled for your login.
Attention
If your firm uses Xero Sync, you are required to have MFA enabled. If you disable MFA you will not have access to portal features until you enable it again.

Additionally, users can disable their MFA via User Settings:
  1. Go to Main menu > My Profile. The MFA section is at the bottom left of the page.
  2. Click the Configure Multi-Factor Authentication button.
  3. Click Remove and Reset your Security
The MFA status will now appear as disabled in your User Settings. If your firm has an active Xero Practice Manager (XPM) integration, you will be redirected to the instructions to enable MFA and you will not be able to access other parts of the portal until MFA is enabled. If your firm does not have an active XPM integration, you will be redirected to your User Settings.

Note
Once disabled, existing MFA codes to your Gap account will stop working. If you wish to reenable MFA, make sure to delete your old code from your MFA mobile app first.

Troubleshooting MFA

  1. If you set up MFA a second time, make sure to delete the original code from your app as it will no longer work
  2. If you experience issues during your MFA setup, try using a different authentication app, such as Authy or Google Authenticator
Tip
We recommend setting up your own MFA code so you know how it works.
Note
Got a new phone? Check our article on how to transfer your Google Authenticator across to a new device or check this article if you use Authy.
Warning!
Do not share MFA codes or portal logins!

    • Related Articles

    • Customising your personal settings

      Personal Settings allows you to customise the settings personal to you, e.g. name, email, greeting and sign off, email signature, password, etc. You can also enable/disable Multi-Factor Authentication (MFA) in this area. Navigate to App bar > > My ...

    • Managing firm users

      The Manage Users area is where you can search, add or remove your firm's users, and verify their Multi-Factor Authentication (MFA) status. This area also displays the number of users your firm's membership allows; if you need more users, contact us ...

    • Transfering your Google Authenticator across to a new device

      Google Authenticator has now updated, allowing their users to transfer the app across to a new device. To start, you will need your old device with your Google Authenticator codes and your new device. Download Google Authenticator on your new device. ...

    • Syncing your client list from Xero Practice Manager

      Due to Xero's security standards, all users in a firm with an active connection from Xero Practice Manager (XPM) to The Gap Portal must be secured with Multi-Factor Authentication (MFA). Attention You must have administrator rights to access the ...

    • Using pre-work

      It's essential that pre-work is received from all attendees prior to any advisory meeting. Pre-work is important because: It engages the client in the process - preparing them for your meeting It helps you to understand the client's position to ...