Skip to content
  • There are no suggestions because the search field is empty.

Truv External MFA FAQ

Common Questions

Q: Why is MFA required?

A: MFA adds an extra layer of security on top of your password and helps prevent unauthorized access to sensitive financial and identity data. Because production API keys provide access to regulated data, MFA is a standard industry best practice and is required to protect both your organization and your customers.

Q: How do I setup MFA?

A: If MFA is required for your account, you will be prompted automatically during Truv Dashboard sign-in. At that time, you can choose one of the available options (Authenticator App or SMS) and complete setup in under a minute.

If choosing an Authenticator App, Truv supports one of the below options:

  1. Auth0 Guardian (Google Play / App Store)
  2. Authy (Google Play / App Store)
  3. Google Authenticator (Google Play / App Store)
  4. Microsoft Authenticator (Google Play / App Store)

Q: Who is required to enroll?

A: If the user and the company they belong to meet the following criteria, they will be required to setup MFA

  • Company they belong to has an active production API key
  • Company users do not log into Truv Dashboard via Single Sign-On (SSO)
  • User has one of these roles in Truv Dashboard: Owner, Administrator, Developer

Q: Authenticator app vs SMS — which should I choose?

A: Authenticator app is recommended for additional security, but both options are supported

Authenticator app (recommended)

  • Supported mobile apps include: Auth0 Guardian, Authy, Google Authenticator, or Microsoft Authenticator
  • More secure than SMS
  • Works even without cellular service

SMS verification

  • Receive a one-time code via text message
  • Easier if you don’t want to install an app
  • Slightly less secure than an authenticator app

Both options are supported, but we recommend using an authenticator app when possible.

Q: What happens if a user doesn't have MFA set up?

A: If MFA is required for your account and you haven’t enrolled yet, you’ll be prompted to set it up during sign-in before you can continue. Access to Truv Dashboard won’t be allowed until MFA setup is complete.

Q: Does this affect existing users?

A: Yes, but only users who meet all the MFA requirement criteria. Users with Orders Manager or Billing Manager roles or companies that use SSO will not be affected.

Q: What if a company gets production keys later?

A: Once a company obtains production API keys, all eligible users (Owner/Admin/Developer roles) in that company will automatically be required to use MFA on their next login. If production keys are deactivated for a company, then the users will no longer be required to authenticate via MFA to login.

Q: How does this work with magic links?

A: When a user clicks a magic link to log in, the system checks if MFA is required. If yes, after clicking the link, they'll be prompted for MFA verification before gaining access. This prevents attackers from using a stolen or forwarded magic link.

Q: What if I lose my phone or need to reset my MFA?

A: Contact Truv Support via the email address you use to login to Truv Dashboard and we will include an Administrator from your account to confirm the validity of the reset request.

Q: How often will I be prompted?

A: MFA enrollment is a one-time setup.

After enrollment, you may be prompted again if:

  • You sign in from a new device or browser
  • Your session expires
  • Your MFA method is reset

Q: Who do I contact for help?

A: If you have questions or run into issues, please contact support@truv.com.

Our team is happy to help.