Multi-factor Authentication (MFA) is a privacy setting that allows you to verify user identity for controlling who can safely access your Tealium account.
In this article:
MFA is required during the login process when it has been enabled in your primary account and/or any other account that you are assigned to. MFA works in conjunction with an authenticator application to verify login requests in two steps.
When signing in to an MFA-enabled account, you are asked to provide the following:
Enabling or disabling MFA requires the Manage Accounts permissions. Only an Account Admin has the permissions required to toggle this setting.
Use the following steps to enable MFA for your account:
Use the following steps to disable MFA for your account:
Tealium MFA only accepts tokens from Google and Windows Authenticator applications. Click one of the following links for detailed information about how to install the authenticator application on your device:
In order for the app to start generating tokens, it has to be linked to your MFA-enabled account. Typically, you need to do this only once (except when your token is reset or you have a new device).
Use the following steps to set up our Authenticator applicaiton:
MFA does not support Blackberry devices. Contact your primary account holder or a Tealium account manager for assistance.A barcode displays.
Prior to signing in, the authenticator app should already be installed and synced with your account. Use the following steps to sign in to your MFA-enabled account:
If you recently switched to a new device or a new authenticator app, your existing token must be reset. This will allow the authenticator app on your new device to generate fresh tokens. Resetting tokens will not disable the MFA setting itself.
You can now reset your own MFA token for your primary account. Previously, only users with permission to Manage Accounts of your primary account were allowed to reset MFA tokens.
Close the window.
Next, notify the user to log in to their account to re-sync the app.
Next, log back in and set up the new MFA token.
This section describes how to use Multi-Factor Authentication (MFA) without a smartphone when logging into Tealium.
Use the following steps to install and configure the Authenticator Chrome extension:
Use the following steps to log in to TiQ and configure your Authenticator:
Android is the option that is compatible with the Authenticator Chrome extension.
If you cannot access your authenticator, use the following steps to receive a temporary MFA code by email:
IInformation about your primary account can be found in the User Preferences settings.
Only an Account Admin is permitted to manage the setting. Though you cannot enable or disable MFA, any user can reset their MFA.
Yes, but it is not recommended. Disabling MFA will remove the extra layer of protection that keeps your implementation safe from unauthorized users.
Tealium supports MFA for AudienceStream, EventStream, DataAccess, Web Companion, and Tealium Tools.
Yes. MFA will apply to all profiles within your account.
Yes. You are subject to MFA when signing into or switching to any MFA-enabled account — regardless of whether or not it is your primary account.
Tealium only supports tokens from Google and Windows Authenticator Applications on iOS, Android, and Windows phones.
You must enter your token every time you sign in or switch to an MFA-enabled account or anytime after clearing the cookies/cache from your browser history.
Ideally, you should only set up the application once after enabling MFA. If at any point your token was reset or you signed in from a new device, you will have to set up the application again.
No. At this time, only iOS, Android, and Windows operating systems are supported. You can optionally use the Authenticator Chrome extension to receive tokens from the browser.
For more information, see How to use MFA without a smartphone.
It is possible that your smartphone does not have a built-in barcode reader app, particularly if it is an Android device. If that's the case, then download and install a generic barcode reader app.
Ensure that the app you use is designed to scan generic barcodes only – not the mail barcodes you typically see on shipping labels.
If you encounter this error, the easiest thing to do is to start over. Go back to the login page, sign in with your username and password, and then proceed with the application setup steps.
My authenticator application has multiple entries of my synced accounts
This happens when the same barcode is scanned multiple times and does not introduce any problems. To correct, simply delete the unwanted entries and proceed to re-sync the app with your account.
Don’t worry if your token expired before you used it. You can use the next one since most apps generate fresh tokens every few seconds. How long each token lasts will depend on the app you are using.
In rare cases, there could be a timing issue on your smartphone, causing the sync to fail. Try this: