Skip to main content

Administrator MFA Setup Guide

This guide walks administrators through enrolling in Multi-Factor Authentication (MFA) to add an extra layer of security to their Manage1to1 account.

Estimated Time

Setting up MFA takes about 5 minutes. Have your smartphone ready before beginning.

Before You Begin

What You'll Need

  1. A smartphone (iPhone or Android)

  2. An authenticator app installed on your phone:

    • Google Authenticator (recommended)
    • Microsoft Authenticator
    • Authy
    • 1Password (if you use it)
    • Any TOTP-compatible authenticator

  3. A secure place to store backup codes (password manager, secure note, or safe location)

Check if MFA is Available

MFA must be enabled by your system administrator before you can enroll. If you don't see MFA options in your profile, contact your district's Manage1to1 administrator.

Step 1: Install an Authenticator App

If you don't already have an authenticator app on your phone:

For iPhone:

  1. Open the App Store
  2. Search for "Google Authenticator" or "Microsoft Authenticator"
  3. Tap Get to install
  4. Open the app after installation

For Android:

  1. Open Google Play Store
  2. Search for "Google Authenticator" or "Microsoft Authenticator"
  3. Tap Install
  4. Open the app after installation
Already Have an Authenticator App?

Skip to Step 2 if you already use an authenticator app for other services.

Step 2: Access Your Profile Settings

  1. Log in to Manage1to1 as an administrator
  2. Click your name in the top-right corner
  3. Select My Profile from the dropdown menu
  4. Click the Security tab

My Profile Security Tab

Step 3: Start MFA Enrollment

In the Multi-Factor Authentication section:

  1. Click the Enable MFA button
  2. A modal window will appear with a QR code

MFA Enrollment Modal

Keep This Window Open

Don't close the modal until you've completed the entire setup process.

Step 4: Scan the QR Code

  1. Open your authenticator app on your phone
  2. Tap the + or Add button (usually at the bottom)
  3. Select Scan QR Code (you may need to allow camera access)
  4. Point your camera at the QR code on your screen
  5. The app will automatically add a "Manage1to1" entry

Alternative method (if QR code won't scan):

  1. In your authenticator app, select Enter a setup key instead
  2. Copy the text code shown below the QR code
  3. Paste it into your authenticator app
  4. Set account name to "Manage1to1"
  5. Ensure Time-based is selected (not Counter-based)

Step 5: Verify Your Setup

Your authenticator app now shows a 6-digit code that changes every 30 seconds.

  1. Look at your authenticator app
  2. Type the 6-digit code into the Verification Code field on screen
  3. Click Verify & Enable MFA
Code Timing

The code refreshes every 30 seconds. If you're close to the refresh, wait for the new code to avoid timeout errors.

If you see an error:

  • Make sure you entered all 6 digits correctly
  • Wait for a fresh code and try again
  • Check that your phone's time/date is set to automatic

Step 6: Save Your Backup Codes

After successful verification, you'll see a list of 10 backup codes:

A3F8B2C9
D7E4F1A6
B9C2E5F8
6A3D8B1E
...

These codes are critically important!

Why Backup Codes Matter

Backup codes let you access your account if:

  • You lose your phone
  • Your phone breaks or is stolen
  • You get a new phone and haven't transferred your authenticator yet
  • Your authenticator app stops working

How to Store Backup Codes Safely

Choose ONE of these methods:

Option 1: Password Manager (Best)

  • Copy all codes into your password manager
  • Label them clearly: "Manage1to1 MFA Backup Codes"
  • Examples: 1Password, Bitwarden, LastPass

Option 2: Secure Digital Note

  • Save codes in an encrypted note app
  • Store in a cloud service you control (Google Drive, OneDrive)
  • Make sure the file is private/not shared

Option 3: Physical Copy

  • Write codes on paper
  • Store in a locked desk drawer or safe
  • Don't leave on your desk or in plain sight

Option 4: Multiple Locations

  • Save codes in TWO separate secure locations for redundancy
  • Example: Password manager + printed copy in safe
Never Do This
  • ❌ Don't email backup codes to yourself
  • ❌ Don't store in an unencrypted text file on your desktop
  • ❌ Don't save only in your phone's notes app (if you lose phone, you lose codes)
  • ❌ Don't share codes with anyone else

After Saving

  1. Click Copy Codes to copy all codes to clipboard
  2. Paste into your chosen storage location
  3. Verify codes are saved correctly
  4. Click I've Saved My Codes to complete setup

Step 7: Test Your Setup

Now that MFA is enabled, let's make sure it works:

  1. Click Logout in the top-right menu
  2. Return to the login page
  3. Enter your email and password as normal
  4. You'll be redirected to the MFA verification page
  5. Open your authenticator app
  6. Enter the 6-digit code shown for Manage1to1
  7. Click Verify

You should now be logged in! 🎉

Login Process Going Forward

Every time you log in:

  1. Enter email + password (as usual)
  2. Open authenticator app
  3. Enter the 6-digit code
  4. Access granted

Managing Your MFA

View MFA Status

To check your MFA status anytime:

  1. Go to My ProfileSecurity tab
  2. The Multi-Factor Authentication section shows:
    • "MFA is enabled" with green checkmark
    • Last time you used MFA
    • Number of remaining backup codes

Regenerate Backup Codes

If you've used some backup codes or want to create fresh ones:

  1. Go to My ProfileSecurity tab
  2. Click Regenerate Backup Codes
  3. Enter your password when prompted
  4. Save the new codes (old codes are now invalid)
Old Codes Stop Working

When you regenerate backup codes, all previous codes become invalid immediately. Make sure to save the new codes!

Disable MFA (If Allowed)

If MFA is optional (not enforced by your district):

  1. Go to My ProfileSecurity tab
  2. Click Disable MFA
  3. Enter your password to confirm
  4. MFA is now disabled
MFA Enforcement

If your district enforces MFA, the Disable MFA button won't appear. Contact your system administrator if you have concerns.

Using Backup Codes

When to Use a Backup Code

Use a backup code only when:

  • You don't have your phone
  • Your authenticator app isn't working
  • You're locked out and need immediate access

How to Use a Backup Code

  1. At the MFA verification screen, click Use Backup Code
  2. Enter one of your saved backup codes (8 characters)
  3. Click Verify Backup Code
  4. You'll be logged in
One-Time Use

Each backup code works only once. After using a code, cross it off your list. When you're down to 3 or fewer codes remaining, regenerate a fresh set.

Troubleshooting

"Invalid verification code" Error

Possible causes:

  • Entered code incorrectly
  • Code expired (they refresh every 30 seconds)
  • Phone time/date is incorrect

Solutions:

  1. Wait for a fresh code and try again
  2. Double-check you're looking at the right account in your authenticator app
  3. Go to phone settings → Date & Time → Enable "Set Automatically"

Lost or Broken Phone

If you have backup codes:

  1. Use a backup code to log in
  2. Go to My Profile → Security
  3. Click Disable MFA
  4. Re-enroll MFA with your new phone

If you don't have backup codes:

  1. Contact your district's Manage1to1 super administrator
  2. Request an MFA reset for your account
  3. Re-enroll immediately after reset

New Phone / Transferring Authenticator

Option 1: Transfer Within Authenticator App

  • Most authenticator apps have built-in transfer features
  • Google Authenticator: Settings → Transfer Accounts
  • Microsoft Authenticator: Built-in cloud backup

Option 2: Re-enroll from Scratch

  1. Before wiping old phone, disable MFA in Manage1to1
  2. Set up new phone with authenticator app
  3. Re-enroll in MFA using new phone

Authenticator App Shows Wrong Code

Make sure you're using the right entry! If you use MFA for multiple services, you might have:

  • Manage1to1
  • Google
  • Microsoft
  • Banking apps

Look for the "Manage1to1" or your district name in the authenticator app.

Best Practices

  1. Save backup codes immediately - Don't skip this step
  2. Test MFA after setup - Log out and back in to verify it works
  3. Store codes in multiple secure locations - Redundancy prevents lockouts
  4. Regenerate codes periodically - Fresh codes every 6-12 months
  5. Keep phone time accurate - Enable automatic time sync
  6. Don't share codes - Your authenticator codes are for you only

Common Questions

Q: Can I use the same authenticator app for multiple accounts? Yes! Most people use one authenticator app for all their MFA-enabled services (Manage1to1, email, banking, etc.). Each service gets its own entry in the app.

Q: What if I switch phones? Transfer your authenticator app using its built-in transfer feature, or disable MFA before switching, then re-enroll on your new phone.

Q: Can someone else set up MFA for me? No. MFA must be set up on YOUR phone with YOUR authenticator app. This ensures only you can generate login codes.

Q: How long do TOTP codes last? Each 6-digit code is valid for 30 seconds. The system allows a 90-second window (3 code periods) to account for slight time differences.

Q: Do I need internet on my phone to use the authenticator? No. Authenticator apps work offline. They use your phone's clock to generate codes.

Q: What happens if MFA becomes enforced after I've enrolled? Nothing changes for you. You'll continue using MFA exactly as before. The enforcement only affects administrators who haven't enrolled yet.

Need Help?

If you encounter issues during MFA setup:

  1. Check this guide first - Most problems have simple solutions above
  2. Contact your district IT - They can reset MFA if needed
  3. Reach out to Manage1to1 Support - We're here to help

Congratulations! Your account is now protected with Multi-Factor Authentication. You've taken an important step toward securing sensitive student and staff data.

Last updated on