Relevant for: Enterprise Plan
What is two-factor authentication (2FA)
Two-factor authentication (2FA) adds more security to your online accounts. When your Company Admin activates two-factor authentication (2FA), each sign-in to Miro using your email and password will be followed by an extra layer of security. This additional step ensures enhanced protection for your account, requiring verification beyond your regular login credentials.
💡 If you're a Company Admin, learn how to enable two-factor authentication (2FA) for your organization.
How to set up two-factor authentication (2FA)
New users: During your initial sign-up process with your company email address, you will be prompted to enable 2FA.
Existing users: Upon your next sign-in, if your organization requires 2FA and you are not using single sign-on (SSO), you will be prompted to set up 2FA.
- Download an authenticator app on your mobile device. Authenticator apps, like Google Authenticator, Microsoft Authenticator, and Authy, generate a time-based one-time (TOTP) code for secure sign-ins to Miro. For guidance on which authenticator app to choose, ask your Company Admin or IT administrator.
-
Click I have an authenticator app in the Miro 2FA setup screen.
Confirmation of authenticator app
-
Using the authenticator app, you now have two options:
Scan the QR code- Open your authenticator app.
- Use the app to scan the QR code.
- After scanning, click on I scanned the code in Miro.
Scanning the QR code
Manually enter the Miro code- If you are unable to scan the QR code, click on Can’t scan QR code? in Miro.
- Miro will then provide an authentication code. Copy this code.
- Open your authenticator app and paste the copied code.
- After adding the code to the app, click on I added the code in Miro.
Copying the Miro code to paste in the authenticator app
- The authenticator app will generate a 6-digit verification code. Enter this code in Miro and click Verify code.
Verifying the 6-digit code -
After successfully verifying your account with the 6-digit code, Miro will provide a recovery code. Click Copy to save this code securely. It's crucial to have this code as it allows you to reset your 2FA in case you lose access to your authenticator app.
To confirm you've recorded the code, select I have recorded this code, then click Continue to complete the process.
Saving the recovery code
Signing in with two-factor authentication (2FA)
Once you have successfully set up two-factor authentication (2FA) for your account, each time you attempt to log in, Miro will prompt you to enter a 6-digit time-based one-time (TOTP) code.
This code is generated by your authenticator app and provides an extra layer of security for your account. Simply open your authenticator app, retrieve the current code, and enter it on the sign-in page to gain access to your account.
Signing into Miro with 2FA
You have 3 attempts before you will be prompted to restart the sign-in process.
Too many sign-in attempts with 2FA
Trusting two-factor authenticated (2FA) devices
If your administrator has set it up, you can choose the checkbox to Trust this device when signing into your account with 2FA when using a secure device (do not use Trust this device if signing in from a shared or publicly accessible computer). When you do this, you'll be able to sign in without entering your second factor, until a specified time period has passed. This time period is set by your administrator for between 7 and 90 days.
The duration of trusting a device is displayed next to the checkbox when signing in with two-factor authentication
If you do not see the option to "Trust this device," then your administrator hasn't enabled it for your organization.
If you sign in with a new device—or after you've cleared the cookies on your trusted device—2FA will be required again.
How to reset two-factor authentication (2FA)
If you encounter issues with your authenticator app, lose your device, or need to reset your 2FA for any other reason, follow these steps:
I have a recovery code
- Click on Reset two-factor authentication.
- Use the recovery code saved during your initial 2FA setup. You will be guided through the setup process again to reconfigure your authenticator app.
The option to reset two-factor authentication
I do not have a recovery code
If you've lost your recovery code or are unable to use the self-recovery flow:
- Click on Contact support.
- Our support team will assist you in resetting your 2FA and regaining access to your account. We prioritize these requests, adhering to the Service Level Agreement (SLA) associated with your organization's plan. For Premium Support customers, Miro offers 24/7 support, ensuring all requests are addressed within 2 hours.
The option to contact Miro support
Frequently asked questions
Two-factor authentication enhances security for your organization. As part of the Enterprise Plan, all non-SSO users must use two-factor authentication to sign in if this requirement is enforced by your Company Admin.
Yes. After completing the initial setup, you must use your authenticator app for every sign-in to ensure your account remains secure.
Ensure that your device's timezone, date, and time are correctly set. If the issue persists, try setting up 2FA on a different device.
If you accidentally trust a shared device, you'll need to clear the cookies for Miro on that device. Doing this is simple:
- Click on the slider icon on the left side of the address bar in your browser.
- Click on "Cookies and site data" in the menu.
- Then click on "Manage on-device site data."
- Click the trash can icon next to each URL listed there to clear the cookies and site data.
Note that once you've cleared site data from the device, you'll have to sign in again using two-factor authentication.
If you lose access to a trusted device before the trusted period has expired, you can use the Sign out everywhere option to remove access from all signed in devices (except for the device you are currently using). This will sign you out of all other devices and revoke 2FA from any trusted devices. You can find the Sign out everywhere link in your user profile settings. You'll then need to go through the 2FA sign in process again on devices you have access to.