Set up multi-factor authentication for your ActiveCampaign account

Multi-factor authentication (MFA) makes accessing your ActiveCampaign account more secure. Once enabled, you’ll need to use two methods of identification to access your account. One is your username and password and the other is a six-digit verification code. This code can be generated by an authentication app on your mobile device or via SMS text message. 

Multi-factor authentication helps protect data in your ActiveCampaign account and can prevent logins from unauthorized individuals. 

Take note

  • Enabling multi-factor authentication for your login is not required, however, it is recommended
  • If you choose an authentication app as your second factor, you will need to download an authenticator app to your mobile device. There are several different supported authentication apps to choose from 
  • If you choose SMS text message for multi-factor authentication, you will receive text message codes directly to your device
  • You will need your mobile device to generate a verification code each time you wish to log into your ActiveCampaign account 
  • In the event that you don't have access to your mobile device, we recommend storing your recovery codes on a separate device or offline. If you don't have your recovery codes, you can reset them in your ActiveCampaign account under Settings > Security > Reset Recovery Codes

How multi-factor authentication works with your ActiveCampaign account

Users in the Admin group can enable and disable MFA for individual users or the entire account. 

All other account users (non-admins) have the option to enable/disable MFA for their individual account login. 

First-time login: Users will need to use an authentication app on their mobile device to scan a QR code that appears during the account login process. The QR code will appear after they submit their account username and password on the login page. Each account user will have their unique QR code to scan. This QR code only needs to be scanned during the initial setup.

After a user scans the QR code, their authentication app will generate a six-digit verification code that they will need to type into their login screen.

Note: Using a QR Scanner app will not generate a verification code.

Once the verification code is submitted, users will gain access to their ActiveCampaign account.

In order for multi-factor authentication to take effect, users must log out of their ActiveCampaign account, then log back in.

If you disable then re-enable multi-factor authentication for your account login, you will need to rescan the QR code using the authentication app on your mobile device.

How to set up multi-factor authentication

If you are in the admin group for your ActiveCampaign account, you can enforce MFA for all account users or enable it on an individual basis. If you are not an account admin, you can still enable MFA for your own account.

If MFA is enforced by your admin on the entire account, you will not be able to modify your own MFA user settings.

Multi-factor authentication can be set up in three ways:

  1. Account admins how to turn on MFA for all account users.
  2. Account admins: how to turn on MFA for specific users.
  3. Admins and Non admins: How to turn on MFA for your own login.

Click each link below to expand instructions.

Account Admins: How to turn on multi-factor authentication for all account users

If you are in the Admin group, you can enforce multi-factor authentication for all users on your ActiveCampaign account. This means that account users will need to present a verification code along with their username and password in order to access their account.

In order to set up MFA for all users, you'll need to set it up for yourself first. To get started:

1. Click "Settings" then click "Security" in the left menu.

2. Two toggles will appear on the Security page. Click the "Set up for myself" toggle to set it to the "On" position.

3. A modal will appear. Choose how you will receive your authentication code by clicking one of the options. You can choose to use an Authentication App or an SMS text message.

4. Click the "Continue" button.

5. Enter the verification code then click the "Verify" button:

  • Authentication app: If you select this method, we'll present you with a QR code on your screen. Open the authentication app on your mobile devide and scan the OR code. The authentication app will generate a six-digit verification code. Type this code into the field provided. You only need to scan the QR code once.
  • SMS: if you select this method, click the country dropdown then click your country code. Next, type your phone number into the field provided. A six-digit verification code will be sent to you via text message. Type this code into the field provided.

6. Click the "Verify" button.

7. A modal will appear. It will contain recovery codes. Copy these codes and store them in a safe place. Click the "Done" button.

8. Click the "Enable for the entire account" toggle to set it to the "On" position.

9. A modal window will appear. Click the "Continue" button.

Multi-factor authentication is now enforced for all users on your account. All users that do not have multi-factor authentication will be logged out.

In order for multi-factor authentication to take effect, users must log out of their ActiveCampaign account, then log back in.

Account Admins: How to turn on multi-factor authentication for specific account users

If you are an account admin, you can enable multi-factor authentication for individual users on your ActiveCampaign account. This is an alternative to enforcing it for all account users. Once MFA is turned on for individual users, they will need to present a verification code along with their username and password to access their account.

To get started:

1. Click "Settings" then click "Users and Groups."

2. Locate the user you wish to enable multi-factor authentication for then click "Edit."

3. An "Edit User" modal will open. Locate the "Multi-Factor Authentication" toggle and set it to "On" by clicking it.

4. Click "Save."

Click toggle to enable MFA

The account user will have multi-factor authentication enabled for their login. 

In order for multi-factor authentication to take effect, users must log out of their ActiveCampaign account, then log back in.

Admins and Non-Admins: How to turn on multi-factor authentication for your own login

You can turn on MFA for your own account login. Once you do, you'll need to present a verification code, along with your username and password, in order to access your account.

1. Click "Settings" then click "Security" in the left menu.

2. Two toggles will appear on the Security page. Click on the "Set up for myself" toggle to set it to the "On" position.

3. A modal will appear. Choose how you will receive your authentication code by clicking one of the options. You can choose to use an Authentication App or an SMS text message.

4. Click the "Continue" button.

5. Enter the verification code then click the "Verify" button:

  • Authentication app: If you select this method, we'll present you with a QR code on your screen. Open the authentication app on your mobile devide and scan the QR code. The authentication app will generate a six-digit verification code. Type this code into the field provided. You only need to scan the QR code once.
  • SMS: If you select this method, click the country code dropdown then click your country code. Next, type your phone number into the field provided. A six-digit verification code will be sent to you via text message. Type this code into the field provided.

6. Click the "Verify" button.

7. A modal will appear. It will contain recovery codes. Copy these codes and store them in a safe place. Click the "Done" button.

Supported authentication apps

You can use any of the following authentication apps on your mobile device to access your MFA enabled ActiveCampaign account:

Have more questions? Submit a request