MFA Devices

Overview

MFA Devices provide strong authentication by requiring users to verify their identity with a time-based one-time password (TOTP) generated on a registered device (such as Google Authenticator, Microsoft Authenticator, or Authy).

By pairing a device with Revvy, you ensure that even if a user’s password is compromised, access to the platform remains protected.

Adding an MFA Device

1. Navigate to MFA Devices in the sidebar.

2. Click Add.

3. Enter a Device Name (e.g., “Revvy”, “Work Phone”).

4. Click Continue.

5. A QR Code will be displayed.

6. Open your authenticator app on your device (Google Authenticator, Authy, etc.) and scan the QR code.

7. Enter the verification code generated by your authenticator app.

8. Click Confirm.

Once confirmed, the device will appear in the MFA Devices list with its Name, Status, and Timestamps (Created At, Updated At).

Using MFA Devices

After setup, whenever a user logs into Revvy, they will:

1. Enter their username and password.

2. Be prompted to provide the one-time code from their registered MFA device.

3. Gain access only if both factors are correct.

Managing MFA Devices

From the MFA Devices list, admins can:

• View registered devices and their status.

• Reconfigure devices if users lose access (e.g., lost phone).

• Delete devices that are no longer valid.

Benefits of MFA in Revvy

• Stronger protection against account compromise

• Compliance with enterprise security policies

• Easy setup with widely used authenticator apps

• Extra assurance for admins managing critical DevOps and Backup operations

Best Practices

• Encourage users to register more than one device (e.g., phone + tablet) for backup.

• Periodically review MFA device registrations for inactive users.

• If a user loses access to their device, admins should remove the device and prompt re-registration.