How MFA works
When MFA is enabled, signing in requires two steps:- Something you know - Your email and password
- Something you have - A verification code sent to your phone
MFA methods in Forerunner
SMS verification
Forerunner uses SMS-based verification for team member accounts:MFA via SMS requires a mobile phone capable of receiving text messages. If you have limited cell service, contact your CSM to discuss alternatives.
Setting up MFA
If your account requires MFA and you haven’t set up a phone number:Managing your MFA phone number
Updating your phone number
To change the phone number used for MFA:When MFA is required
MFA requirements are set at the account level by your Customer Success Manager:Account-wide MFA
When enabled for the account:- All team members must complete MFA setup
- MFA is required on every sign-in
- Phone numbers become mandatory profile fields
Optional MFA
Some accounts allow individual users to opt in:- Users can enable MFA in their settings
- Provides additional security without account-wide requirement
- Recommended for users with sensitive access
Contact your Customer Success Manager to discuss enabling MFA for your account or to change MFA requirements.
Troubleshooting
Not receiving verification code
Not receiving verification code
Try these steps:
- Wait 1-2 minutes for the code to arrive
- Check that your phone has cell service
- Verify the phone number on file is correct
- Request a new code by clicking “Resend code”
- Check if your phone blocks messages from short codes
- Contact your carrier to ensure SMS short codes aren’t blocked
- Contact your Manager or CSM for assistance
Code expired
Code expired
MFA codes expire after a short period (typically 5-10 minutes). Request a new code and enter it promptly.
Lost access to phone
Lost access to phone
If you no longer have access to your MFA phone number:
- Contact your Manager immediately
- They can work with your CSM to reset your MFA
- You’ll need to verify your identity through other means
- Set up a new phone number once access is restored
Changed phone numbers
Changed phone numbers
If you have a new phone number:
- Sign in using your old number if still accessible
- Update your phone number in settings
- Verify the new number
- Contact your Manager for MFA reset assistance
Wrong phone number on file
Wrong phone number on file
If the wrong number was registered:
- Contact your Manager
- They can work with your CSM to correct the phone number
- You’ll verify the correct number during reset
MFA required but not set up
MFA required but not set up
If MFA is newly required for your account:
- You’ll be prompted to add a phone number at sign-in
- Enter your mobile phone number
- Verify with the code sent to your phone
- MFA is now configured for future sign-ins
Security considerations
Why MFA matters
MFA protects against common security threats:| Threat | How MFA helps |
|---|---|
| Password theft | Stolen password alone can’t access your account |
| Phishing | Even if you’re tricked into revealing your password, attackers lack your phone |
| Credential stuffing | Reused passwords from breached sites can’t compromise your account |
| Unauthorized access | Physical access to your phone is required |
Best practices
Protect your phone- Keep your phone physically secure
- Use a screen lock (PIN, fingerprint, or face recognition)
- Don’t share verification codes with anyone
- Be cautious of unexpected MFA prompts
- Update your phone number immediately when it changes
- Notify your Manager if you lose your phone
- Don’t use temporary or shared phone numbers
- Question unexpected MFA prompts when you’re not signing in
- Report MFA codes you didn’t request to your Manager
- Never share codes with anyone, even if they claim to be from Forerunner
MFA for different user types
Internal team members
MFA for staff accounts:- Configured via SMS verification
- Phone number stored in user profile
- Required based on account settings
Public users
Public website users (residents):- Do not have MFA requirements
- Use password-based authentication only
- Protected by email confirmation
Forerunner administrators
Internal Forerunner team members may use additional MFA methods not covered here.Account-level MFA settings
These settings are managed by your Customer Success Manager:| Setting | Description |
|---|---|
| MFA enabled | Whether MFA is active for the account |
| MFA required | Whether all users must complete MFA |
| Session timeout | How long until re-authentication is needed |
| Failed attempt lockout | Maximum failed MFA attempts before lockout |
Disabling MFA
MFA can only be disabled at the account level by your Customer Success Manager. Individual users cannot opt out when MFA is required. If you believe MFA should be disabled for your account:- Discuss with your Manager
- Manager contacts CSM with the request
- CSM evaluates security implications
- Changes are made if appropriate
MFA is a security best practice and is recommended for all accounts. Disabling MFA increases risk of unauthorized access.
Related topics
- Signing in - Access your Forerunner account
- Password management - Reset and change passwords
- Account settings - Update your profile including phone number
- Data security - Learn about Forerunner’s security measures