How to Enable Multi-Factor Authentication in CAKE

Rajul Islam

Modified on: Wed, 16 Jul, 2025 at 9:16 AM

What is Multi-Factor Authentication?

Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. In CAKE, the first form is the username and password, and the second form is the unique code generated by an application on the user's mobile device. MFA is only for employees of the CAKE network not for partners like Affiliate, Advertisers, or Buyers.

Multi-Factor Authentication Best Practice and Setup

Downloading the Authentication App

Users can choose either the Google Authenticator or the Microsoft Authenticator mobile applications. Follow the links below to download the authentication app that is required to setup MFA.

Google Authenticator
- IOS - https://apps.apple.com/us/app/google-authenticator/id388497605
- Android - https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US
Microsoft Authenticator
- IOS - https://apps.apple.com/us/app/microsoft-authenticator/id983156458
- Android - https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_US

Best Practices for rolling out MFA for your network

Before you enable the Enable Multi-Factor Authentication setting its best practice to execute the steps below in the

Download the Authenticator app on your mobile device.
Establish an internal release date.
Communicate that all employees must download the mobile application before the internal launch date. Note the communication should be focused on employees since Affiliates, Advertisers, and Buyers are not impacted by the Enable Multi-Factor Authentication setting.
Enable the Enable Multi-Factor Authentication setting on the internal release date.

Upon next login attempt all employees will be prompted with the Setup MFA Code Screen.

Scan the image with the Mobile App on your phone
Enter the 6 digit code from the mobile application
Hit Submit button
You should be logged in successfully
You have successfully setup MFA for your account!

All employee contacts login attempts moving forward will require the 6 digit code after the username and password is entered.

If are you redirected back to the login screen that means that either the username-password combination or the MFA code is not correct user will be redirected back to the login page with an invalid login message. All of the following username, password, and MFA code must be correct in order to login once the global setting has been enabled.

Enable MFA

Zoom:

Once you enable Multi-Factor Authentication users will need to use the second form of authentication to login into your CAKE instance. Please be sure to let all employee's know prior to enabling this feature as it will force users to setup MFA on their mobile device.

Setup MFA Code

Setup MFA Code Screen is only displayed to users who have not set up MFA yet. This screen is displayed after they have provided their username and password. If either the username and password or the MFA code is incorrect the user will be redirected back to the login screen with a generic message saying the login was invalid. Setup MFA Code Screenshot

Provide MFA Code

Provide MFA Code Screen is displayed to users who have successfully set up MFA for their account. If either the username and password or the MFA code is incorrect the user will be redirected back to the login screen with a generic message saying the login was invalid. MFA code screenshot

Recover Account vs. Change Password

Contact Card > Recover Account button has been added to allow users to recover an account in the event that a user is unable to login. Clicking Recover Account clears the Username, Password, and MFA Code. This will require users to set a new password and set up MFA again. If you wish to only reset the user's password but not the MFA device, you can click the Reset Password/Change Password button. Note that Change Password is only displayed on your contact card.

A new system Alert for Login From New IP/Device, this alert will be sent to users who have logged in from a new location or device. A simple email informing the user of the login IP and Device.

MFA Remember for 30 Days

Overview

We’ve enhanced our multi-factor authentication (MFA) experience by adding a “Remember me for 30 days” option. This checkbox is now available during both:

Initial MFA setup, and
Subsequent logins that require an MFA code.

When selected, users won’t need to enter an MFA code on that device for the next 30 days, reducing friction while maintaining security.

Example of UX

FAQ

Question	Answer
Is MFA Code no longer required in specific locations?	The 30 days have not passed users will not be prompted for the code on any location where a login screen is presented including the Security sub tab of the admin portal.
What if I dont check that checkbox?	Then its the same behavior as today you will be required to enter your code for every login attempt.
What happens if I check that checkbox?	All subsequent logins will not require an MFA code. Once the period expires users will be prompted to enter a code, at which point they can do the remember me checkbox again.