Set up multi-factor authentication for your ActiveCampaign login

Multi-factor authentication (MFA) makes accessing your ActiveCampaign account more secure. Once enabled, you’ll need to use two methods of identification to access your account. One is your username and password and the other is a six-digit verification code. This code is generated by an authentication app on your mobile device. 

Multi-factor authentication helps protect data in your ActiveCampaign account and can prevent logins from unauthorized individuals. 

Take note

  • Enabling multi-factor authentication for your login is not required, however, it is recommended
  • You will need to download an authenticator app to your mobile device. There are several different supported authentication apps to choose from 
  • You will need your mobile device to generate a verification code each time you wish to log into your ActiveCampaign account 
  • In the event that you don't have access to your authentication app on your mobile device, we recommend storing your recovery codes on a separate device or offline. If you don't have your recovery codes, you can reset them in your ActiveCampaign account under Settings > Security > Reset Recovery Codes

How multi-factor authentication works with your ActiveCampaign account

Users in the Admin group can enable/disable MFA for individual users or the entire account. 

All other account users (non-admins) have the option to enable/disable MFA for their individual account login. 

First-time login: Users will need to use an authentication app on their mobile device to scan a QR code that appears during the account login process. The QR code will appear after they submit their account username and password on the login page. Each account user will have their unique QR code to scan. This QR code only needs to be scanned during the initial setup.

After a user scans the QR code, their authentication app will generate a six-digit verification code that they will need to type into their login screen. 

Note: Using a QR Scanner app will not generate a verification code. 

Once the verification code is submitted, users will gain access to their ActiveCampaign account. 

In order for multi-factor authentication to take effect, users must log out of their ActiveCampaign account, then log back in. 

If you disable then re-enable multi-factor authentication for your account login, you will need to rescan the QR code using the authentication app on your mobile device. 

Admins: Enable and disable multi-factor authentication for account users

If you are in the admin group for your ActiveCampaign account, you can enforce multi-factor authentication for all account users, or enable it on an individual basis.

Click the links below to expand instructions. 

How to turn on multi-factor authentication for all account users

If you are in the Admin group, you can enforce multi-factor authentication for all users on your ActiveCampaign account. This means that they will need to present a verification code along with their username and password when accessing their account.

1. Click "Settings" then click "Security" in the left menu.

Click Security

2. Two toggles will appear on the Security page. You will first need to enable MFA for your own account login before you can enable it for all other users. To do so, set the "Set up for myself" toggle to "On" by clicking it.

Click Set up for myself toggle

3. An "Activate Multi-Factor Authentication" modal will appear and display a QR code. Open an authentication app on your mobile device and scan the code. Your app will then generate a six-digit code. Type this code into the modal then click "Verify."

Scan QR code and enter verification code

4. A "Save Recovery Codes" modal will appear and display recovery codes. Take a few moments to copy these codes and keep them in a safe place. You may need to use these codes to access your ActiveCampaign account if your mobile device is lost, stolen, or damaged.

When finished, click "Done."

Recovery codes

5. Click the "Enable for the entire account" toggle so that it's in the "On" position.

Enable MFA for entire account toggle

6. An "Enable Multi-Factor Authentication" modal will appear with the following message:

"All users that do not have multi-factor authentication enabled will be logged out by performing this action."

Click the "Continue" button.

Click Continue button

Multi-factor authentication will be enabled for all users on your ActiveCampaign account.

How to turn off multi-factor authentication for all account users

If you are in the Admin group, you can turn off multi-factor authentication for all users on your ActiveCampaign account.

1. Click "Settings" then click "Security" in the left menu.

2. Set the "Enable for the entire account" toggle to the "Off" position by clicking it.

Click toggle to turn MFA off for entire account

3. A "Disable Multi-Factor Authentication" modal will appear. Type your password into the field provided to confirm that you no longer wish to enforce MFA for all account users.

4. Click the "Disable" button.

Enter account password
How to turn on multi-factor authentication for an individual account user

You can enable multi-factor authentication for individual users on your ActiveCampaign account, rather than enforcing it for everyone. This means that they will need to present a verification code along with their username and password when accessing their account.

1. Click "Settings" then click "Users and Groups."

2. Locate the user you wish to enable multi-factor authentication for then click "Edit."

3. An "Edit User" modal will open. Locate the "Multi-Factor Authentication" toggle and set it to "On" by clicking it.

4. Click "Save."

Click toggle to enable MFA

The account user will have multi-factor authentication enabled for their login. 

How to turn off multi-factor authentication for an individual account user

You can disable multi-factor authentication for an account user. 

1. Click "Settings" then click "Users and Accounts."

2. Locate the user you wish to disable multi-factor authentication for then click "Edit."

3. An "Edit User" modal will open. Locate the "Multi-Factor Authentication" toggle and set it to "Off" by clicking it.

4. Click "Save."

Click toggle to turn MFA off

Non-admins: Enable and disable multi-factor authentication for your account login

If you are a non-admin user, you can enable multi-factor authentication for your own login.

If MFA is enforced by your admin on the entire account, you will not be able to modify your own MFA user settings. 

Click the link below to expand instructions.

How to enable and disable multi-factor authentication for your own account login

1. Click "Settings" then click "Security."

2. You will see an "Activate Multi-Factor Authentication" toggle. Click the toggle to set it to the "On" position.

Click Activate MFA toggle

3. An "Activate Multi-Factor Authentication" modal will appear and display a QR code. Open an authentication app on your mobile device and scan the code. Your app will then generate a six-digit code. Type this code into the modal then click "Verify."

Scan QR code and enter verification code

4. A "Save Recovery Codes" modal will appear and display recovery codes. Take a few moments to copy these codes and keep them in a safe place. You may need to use these codes to access your ActiveCampaign account if your mobile device is lost, stolen, or damaged.

When finished, click "Done."

Save recovery codes

Multi-factor authentication will be enabled for your account login. You will need to generate a verification code with your authentication app each time you wish to log into your ActiveCampaign account.

MFA is enabled

How to log into your ActiveCampaign account using multi-factor authentication

Once multi-factor authentication is enabled for your login, you'll need the following to access your ActiveCampaign account:

  • Your login credentials (username and password)
  • An authentication app on your mobile device

Click the links below to expand instructions

How to access your ActiveCampaign account after an admin enforces multi-factor authentication for your login

If your account admin has enforced multi-factor authentication for your login, you'll need an authentication app to scan a QR code and generate a six-digit verification code. You only need to scan the QR code one time.

1. Go to the login page for your ActiveCampaign account and type your email address and password into the fields provided. Then click the "Login" button.

2. On the next screen, you'll be prompted to scan a QR code. Open the authentication app on your mobile device and use it to scan this code. You only need to scan the QR code once.

3. The authentication app will generate a six-digit verification code. Type this code into the field provided.

4. Click the "Verify" button.

Scan QR code and enter verification code

You will be logged into your account where you can manage various features.

Every time you access your account with multi-factor authentication enabled, you will need to provide a verification code during the login process.

How to access your ActiveCampaign account after enabling multi-factor authentication for your own login

1. Go to the login page for your ActiveCampaign account and type your email address and password into the fields provided. Then click the "Login" button.

2. On the next screen, you'll be prompted to enter a six-digit verification code. Open the authentication app on your mobile device to look up the code.

3. Type the verification code into the field provided on the login screen.

4. Click the "Verify" button.

Enter verification code

You will be logged into your account where you can manage various features.

Note that if you do not have your mobile device handy, you can click "Use Recovery Code" and type a recovery code that was provided to you when you first enabled multi-factor authentication for your account.

About recovery codes

We provide recovery codes that you can use to log into your ActiveCampaign account. You will need to use these codes if your mobile device containing your authentication app is lost, stolen, or damaged.

Each recovery code presented to you during the initial MFA set up can only be used once. If you run out of recovery codes to use, you can reset them to create a new list of codes to use.

If you enabled MFA for your account login, you were presented with several recovery codes as part of MFA setup. If you are unable to access your recovery codes, please contact your account admin so they can reset them for you. 

If you are an admin and are locked out of your account, contact our Support Team and they can help you regain access to your account. 

Click the links below to expand instructions.

Log into your account with a recovery code

1. Go to the login page for your ActiveCampaign account and type your email address and password into the fields provided. Then click the "Login" button.

2. On the next screen, click "Use Recovery Code." 

Click Use Recovery Code

3. Type your recovery code into the field provided and click "Verify."

Enter recovery code

You will be logged into your account. 

Each recovery code presented to you during the initial MFA set up can only be used once. If you run out of recovery codes to use, you can reset them to create a new list of codes to use.

Reset recovery codes

If you need to reset your codes, you can do so on the Settings > Security screen in your ActiveCampaign account. All account users with MFA enabled can reset their own recovery codes.

1. Click "Settings" then click "Security."

2. Click the "Reset Recovery Codes" button.

Reset recovery code button

3. A modal window will appear. Type your account password into the field provided and click "Submit."

The modal will display recovery codes. Take a few moments to copy these codes and keep them in a safe place in the event you need to use them to access your ActiveCampaign account.

Save recovery codes

Supported authentication apps

You can use any of the following authentication apps on your mobile device to access your MFA enabled ActiveCampaign account:

Have more questions? Submit a request