Enabling multi-factor authentication (MFA)

Turn on TOTP-based two-factor authentication for your SiteDetour account.

Overview

SiteDetour supports TOTP-based multi-factor authentication (MFA). When MFA is on, signing in requires a six-digit time-based code from an authenticator app in addition to your password. This article walks through enabling, using, and disabling it.

Supported authenticator apps

Any app that implements RFC 6238 TOTP works, including:

  • Google Authenticator
  • Authy
  • 1Password
  • Bitwarden
  • Microsoft Authenticator
  • Yubico Authenticator (for hardware-backed TOTP on YubiKey)

Pick one you already use on your phone. 1Password and Bitwarden are good choices because they sync across devices and don't lose the secret if you lose or replace your phone.

Enabling MFA

  1. Sign in to SiteDetour and go to My Account.
  2. Find the Multi Factor Authentication card at the top. Status reads Disabled.
  3. Click Enable.
  4. A QR code appears. Open your authenticator app, tap Add account or Scan QR code, and point it at the code.
  5. Enter the six-digit code the app generates into the confirmation field.
  6. Click Save. Status updates to Enabled.

Your authenticator app is now paired with your SiteDetour account.

Signing in with MFA

After MFA is on, the sign-in flow adds one step: after entering your password, SiteDetour prompts for the current six-digit code. Enter it within the 30-second TOTP window. Success logs you in.

If you mistype a code, get a new one — TOTP codes rotate every 30 seconds.
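
To show why a code stops working once its 30-second window ends, here is an added example (not SiteDetour's code) that derives six-digit RFC 6238 codes and checks a submitted code against the current step only. It assumes HMAC-SHA1, the RFC 6238 default, and no clock-drift allowance; the secret is the RFC test key and the function names are illustrative.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # code lifetime stated on this page
DIGITS = 6          # code length stated on this page

# Constructed sample secret: the ASCII test key from the RFC 4226/6238 appendices.
SAMPLE_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int) -> str:
    """Return the code for the 30-second step that contains unix_time."""
    counter = unix_time // STEP_SECONDS
    # Assumption: HMAC-SHA1 (the RFC 6238 default); the page names no hash.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation from RFC 4226: the low nibble of the last byte
    # selects which four bytes of the MAC become the code.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, submitted: str, unix_time: int) -> bool:
    """Accept only the code for the current step (assumed: no drift window)."""
    expected = totp(secret, unix_time)
    # Constant-time comparison avoids leaking how many digits matched.
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    # Seconds 30-59 share one code; second 60 starts the next step.
    for t in (30, 59, 60, 89, 90):
        print(f"t={t:>3}  code={totp(SAMPLE_SECRET, t)}")
    code = totp(SAMPLE_SECRET, 59)
    print("accepted at t=59:", verify(SAMPLE_SECRET, code, 59))
    print("accepted at t=60:", verify(SAMPLE_SECRET, code, 60))
```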

Recovering a lost authenticator

If you lose access to your authenticator app (lost phone, wiped device without backups), contact SiteDetour support. Support will verify your identity through out-of-band means and reset MFA on your account. There is no self-service recovery, by design — a self-service reset path would defeat the purpose of MFA.

Organizational enforcement

On Business and Enterprise plans, Administrators can require MFA for every user in the organization. See Managing users. On lower tiers, MFA is opt-in per user.

Disabling MFA

On the My Account page, click Disable on the MFA card. You must enter a current TOTP code to confirm. Disabling removes the paired authenticator; if you re-enable later, you'll get a new QR code.

MFA and SSO

Users who sign in via SSO authenticate through your identity provider (Azure AD, Okta, etc.). MFA in that case is controlled by the IdP, not by SiteDetour. The SiteDetour MFA toggle only applies to password-based logins.

Next steps