Multi-factor Authentication (MFA) protects your organization from an unknown person trying to access your customer and financial data by adding an additional layer of security to Arlo’s login process.
When enabled, you’ll need to present two or more forms of evidence to gain access to Arlo, e.g. a code from an app on your mobile phone as well as a password. You may already be using something similar for other applications you log into such as Google or Office 365.
The Australian Tax Office has recently passed new security requirements for software providers managing financial data. Due to these new regulations, it is now compulsory for anyone with access to an Australian organisation on Xero to have MFA enabled on their login. As a Xero Partner, this will be a mandatory change that Arlo now needs to enforce. Therefore, if we detect your Arlo platform is connected to Xero in Australia, the MFA feature will be set to be required automatically.
When you enable MFA, it only applies to admins/managers logging into the admin platform and not registrants logging into the customer portal.
As mentioned above, if we detect your Arlo platform is connected to Xero in Australia, the MFA feature will be set to Required automatically.
In the platform, MFA can be set to Optional or Required. By default, unless connected to Xero in Australia, each platform will have its MFA set to Optional.
When set to Optional, each user with access to the platform (those with administrator or manager access) can choose to set MFA up for their own account by following the instructions in Activate and configure MFA for your account. When set to Required, all users with platform access will be required to set up MFA by following the instructions in Set up MFA for an account.
- Open the Settings menu item.
- In the Advanced section, select Platform security.
- Use the switch to toggle between Optional MFA and Required MFA for your platform's users.
- Press Save or Save and close.
As part of setting up MFA, users will be required to meet Arlo's password strength settings. Passwords are required to be at least 8 characters long.
Users whose passwords do not meet the minimum password length will be asked to change their password using the Reset password action on the login page.
If MFA is optional on the platform, you can activate and configure MFA for your own account. The setup process will require you to download an authenticator app.
If you already use an authenticator app, you can add another account to it for your Arlo login.
If you don't already have an authenticator app, we recommend one of the following, which are all free to download and use:
- Google Authenticator (Google Accounts Help Centre) for Android, iPhone, iPod Touch, iPad, and BlackBerry devices
- Microsoft Authenticator (Microsoft Help Centre) for Android and iOS devices
- Authy (Authy website) for iPhone, iPad, Android, Mac computers and Windows computers
- Windows Authenticator (Microsoft Store) for Windows Phones
You will not be able to activate MFA for another user's account.
- Open the Contacts menu item.
- Find and open your contact record.
- From the toolbar, press Edit.
- In the Security section, press Configure MFA setup.
- Scan the QR code in the authenticator app.
If you are unable to scan the QR code (e.g. if you are trying to log in on your phone, or if your scanner is not working), there is an option to copy a plain text key from the Arlo MFA setup page and paste it into the authenticator app. To get the plain text key, click Can't scan image under the QR code.
- Enter the code generated by the authenticator app in the field in Arlo.
- Press Confirm. MFA will now be set up.
Once MFA is set up, when you log in to Arlo, you will be challenged to enter the authentication code from your app. Enter the code into the field and press Confirm to complete the login.
When MFA is required at platform level, the next time a user logs in to the platform they will see the MFA security page after entering their usual username and password.
Setting up MFA for an account is a process that is split into 3 steps:
- Download an authenticator app
- Sync the app with Arlo
- Log in to Arlo
Step 1: Download an authenticator app
If the user already uses an authenticator app, they can add another account to it for their Arlo login.
If they don't already have an authenticator app, we recommend one of the following, which are all free to download and use:
- Google Authenticator (Google Accounts Help Centre) for Android, iPhone, iPod Touch, iPad, and BlackBerry devices
- Microsoft Authenticator (Microsoft Help Centre) for Android and iOS devices
- Authy (Authy website) for iPhone, iPad, Android, Mac computers and Windows computers
- Windows Authenticator (Microsoft Store) for Windows Phones
Step 2: Sync the app with Arlo
Once the user has downloaded an authenticator app, they should follow the instructions in the app to set up their account.
If the user does not already have one, they may need to install a barcode scanner app, so they can scan the QR code in Arlo.
- Click Continue on the MFA security page.
- Scan the QR code in the authenticator app.
If you are unable to scan the QR code (e.g. if you are trying to log in on your phone, or if your scanner is not working), there is an option to copy a plain text key from the Arlo MFA setup page and paste it into the authenticator app. To get the plain text key, click Can't scan image under the QR code.
- Enter the code generated by the authenticator app in the field in Arlo.
- Press Confirm. MFA will now be set up.
Step 3: Log in to Arlo
Once MFA is set up, when the user logs in to Arlo, they will be challenged to enter the authentication code from their app. They enter the code into the field and press Confirm to complete the login.
If an Arlo user cannot access their authenticator app (e.g. they may have lost their phone), you can reset their MFA from the platform.
Due to the security risk, we recommend that all MFA reset requests are confirmed by speaking to the account holder (either via phone or in person) before the reset is completed.
- Open the Settings menu item.
- In the Platform setup section, select Administrators.
- Open the contact that requires the MFA reset.
- From the toolbar, press Edit.
- From the Security section, press Reset MFA.
- Confirm the identity of the person making the reset request, and press Reset.
- The user will now be able to reconnect their MFA by following the process in Set up MFA for an account.