With Multi-Factor Authentication (MFA), you can add an authentication layer on top of the existing OTP/Password when logging into a Leegality account, to further safeguard against unauthorized access to Leegality from within your organization.
With MFA activated, anyone trying to log into a Leegality account must have the required password/OTP access along with access to a third-party authenticator app that generates time-based OTPs (TOTPs) every 30 seconds. Each TOTP is valid for 60 seconds.
Click on account on your homepage
Click on Settings and then Multi-Factor Authentication
Press the “Enable” button and follow the steps mentioned, i.e.:
Download a Third Party Authenticator application like Google Authenticator on your mobile.
Scan the QR code provided from your mobile phone using the authenticator downloaded in the previous step
Follow the below steps to install the authenticator:-
Download the authenticator from your relevant app store (Resources)
On the setup page of the app - Scan the QR code on the Leegality page
Add the recognized profile into your authenticator
Your MFA authenticator profile is set up.
The code mentioned in the authenticator app will keep changing every 30 seconds and will be valid for 30 seconds after it has changed.
Enter the OTP shown in the Authenticator app for Leegality (email@organisation.com).
Your MFA set-up is now active.
In addition to the OTP/Password, a TOTP will now have to be provided every time a user logs into their account.
Once the user inputs the Username and OTP/Password, a pop-up window will appear requesting an authorization TOTP, which has to be read from the authenticator app for the concerned user.
In the same Multi-Factor Authentication tab:
Click on the Disable button
Enter the latest OTP generated in the authenticator app for Leegality (email@organisation.com)
Press the “Validate OTP & Disable” button.
Things to note:-
A total of 5 login attempts will be given to the user, i.e. if the OTP/Password attempts plus the Authorization TOTP attempts exceed 5, the user will be locked out of their account and a recovery email/SMS will be sent to their username to unlock the account.
The authorization OTP (authenticator OTP) will be valid for a total of 60 seconds. Thus a TOTP will remain valid for 1 cycle after it disappears from the authenticator app and a new TOTP is displayed on the app.
There is an overlap of validity for 30 seconds between 2 consecutive OTPs.
Authorization OTPs will be consistent across all authenticator apps.
Multi-factor authentication is a user-level setting and will have to be set up individually in each user account of the organization.
Multi-factor authentication also applies when a Leegality User (with auto-save toggled on, or in case 1FA or 2FA is enabled) accesses a document via a link, i.e. the Preview link from the completion email or the signing update email. The user will have to go through MFA in order to view the document.
In case multi-factor authentication is de-activated and an attempt is made to re-activate it, the profile setup process will have to be repeated in the authenticator app.
We have used Google Authenticator as the basis for this article; other apps may have a slightly modified setup flow.
Industry-standard authenticator apps supported by Leegality:
Microsoft Authenticator
Google Authenticator
Leegality also supports “Twilio’s - Authy 2-Factor Authentication” and “Zoho’s - OneAuth - Multi-Factor Authenticator” among others.
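The validity rules in "Things to note" (a new code every 30 seconds, each code valid for 60 seconds, a 30-second overlap between consecutive codes) can be reproduced with the standard TOTP algorithm from RFC 6238. The sketch below is an added example, not Leegality's own code: it assumes 6-digit HMAC-SHA1 codes, uses the RFC's published test secret as a constructed sample, and the last_used_step replay check is an assumption about how a server might store state.

```python
import hashlib
import hmac
import struct

STEP = 30        # seconds per TOTP cycle, as stated in this article
GRACE_STEPS = 1  # a code stays valid for one more cycle after it is replaced
DIGITS = 6       # assumption: 6-digit codes, the authenticator-app default

def hotp(key: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(key: bytes, now: int) -> str:
    """RFC 6238 TOTP: HOTP over the number of 30-second steps since epoch."""
    return hotp(key, now // STEP)

def verify(key: bytes, submitted: str, now: int, last_used_step: int = -1):
    """Return the step the code belongs to, or None if it is rejected.

    The current step and GRACE_STEPS earlier steps are accepted, which gives
    each code a 60-second lifetime. last_used_step (assumption: stored per
    user by the server) rejects a code that was already accepted once.
    """
    if len(submitted) != DIGITS or not (submitted.isascii() and submitted.isdigit()):
        return None
    current = now // STEP
    oldest = max(current - GRACE_STEPS, 0)
    for step in range(current, oldest - 1, -1):
        if step > last_used_step and hmac.compare_digest(hotp(key, step), submitted):
            return step
    return None

# Constructed sample: the RFC 6238 test secret, not a real account secret.
KEY = b"12345678901234567890"

if __name__ == "__main__":
    t0 = 1_700_000_000 // STEP * STEP  # start of a 30-second cycle
    code = totp(KEY, t0)
    for offset in (0, 29, 30, 59, 60):
        ok = verify(KEY, code, t0 + offset) is not None
        print(f"t0+{offset:>2}s accepted={ok}")
```

Because every app derives the code from the same shared secret and the current time, the same function also shows why the codes are consistent across authenticator apps.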