Skip to main content
All CollectionsAccount SettingsGeneral User Settings
Two-Factor Authentication (2FA) for Xero connected accounts
Two-Factor Authentication (2FA) for Xero connected accounts

Learn about Two-Factor Authentication and the reasons why this is compulsory for any Ignition and Xero connection.

Pat Kuo avatar
Written by Pat Kuo
Updated over 5 months ago

Why do I need to enable Two-Factor Authentication (2FA)?

Xero is taking a proactive approach to security and making multi-factor authentication (MFA) mandatory for all apps that have connections to Xero.

As your Ignition account is connected to Xero you’re required to set up 2FA.


What is Two-Factor Authentication (2FA)?

2FA provides an additional level of security to access your Ignition account by using a one-time password from your phone or device.

Who needs to set up 2FA on their account?

All Ignition subscribers that have a linked Xero connection will be required to set up 2FA by 31 March 2023.

When do I need to set up 2FA on my account?

You’ll need to set up 2FA by 31 March 2023.

From 1 April 2023, you won't be able to access your Ignition account unless you have enabled 2FA.

I have 2FA set up with Xero, can I use that instead?

You will need 2FA on both login points, Ignition and Xero.

The reason is because you can make changes in Ignition which affect your Xero account (e.g. updating client data and generating invoices).

Once set up initially, you can simply use the ‘Sign In with Xero’ feature as that leverages all the existing authentication you have in place with Xero.

How do I set up 2FA?

Next time you sign in to your Ignition account, if the system detects that you have Xero connected, it will prompt you to enable 2FA before being able to access the Ignition app.

If you're not yet ready to enable 2FA, you can dismiss the instructions and complete the setup at a later date. You will have until 31 March 2023 to enable 2FA on your account.

What options do I have to set up 2FA?

You can choose to enable 2FA using an authenticator app or SMS directly - simply follow the instructions on the 2FA setup screen next time you sign in to Ignition.

Using an app

  1. From the setup screen, click Set up using an App.

  2. Download an authenticator app to your phone (or desktop if you don't have a smartphone) from your App Store or Google Play Store. Authenticator apps are usually free. We suggest Google Authenticator, Authy or 1Password.

  3. Sync your Authenticator app with Ignition by scanning the QR code & entering the generated one-time password to validate your selected method.

  4. Set up your backup authentication method by selecting either a backup phone number or email address.

    This step is required for principal users and is optional for all other users. We highly recommend all users set up a backup method as this will reduce the risk of losing access to your account.

    We will send a verification code via your backup method, so you'll need to validate this method by entering the provided code.

    Please note that if you cannot complete this step within 10 minutes of receiving your one-time password in step 3 then you will be required to start the flow again.

    Once set up you will be directed straight into Ignition.

Using SMS

  1. From the setup screen, click Set up using SMS.

  2. Enter your mobile phone number and press Request one-time password.

  3. You will be sent a one-time password to the mobile phone number of your choice. Please enter this newly generated number to validate your login. Please note you will need to do this each time you wish to log into Ignition.

  4. Set up your backup authentication method by selecting either a backup phone number or email address. Please note that if you want to select a phone number, you need to use a different phone number than the one entered in the previous step.

    This step is required for principal users and optional is for all other users. We highly recommend all users set up a backup method as this will reduce the risk of losing access to your account.

    We will send a verification code via your backup method, so you'll need to validate this method by entering the provided code.

    Please note that if you cannot complete this step within 10 minutes of receiving your one-time password in step 3 then you will be required to start the flow again.

What will happen once I have set up 2FA?

Once you have enabled 2FA, the next time you log in to Ignition, you will be prompted to enter the one-time password that will automatically generate in your authenticator app or SMS, depending on your preferred 2FA method.

Do not require 2FA for 30 days

The next time you log into Ignition, you also have the option of ticking the Do not require two-factor authentication for 30 days checkbox.

This will make it so that you do not need to provide your one-time password each time you log in for a 30-day time limit.

After 30 days, you will be required to provide your one-time password again.

What if I cannot provide my one-time password?

If you cannot provide your one-time password using your primary authentication method then you can take one of the following actions:

  • Request a one-time password via your backup method.

  • Ask your principal user to reset 2FA for your account. A principal user will need to go to the Team page → Select your user → Click the three dots → Reset Two-Factor Authentication & enter their one-time password. This will require you to set up 2FA again.

    Please note, the principal user will need to have 2FA enabled before being able to reset this for their team members.

  • If you are the principal user, contact Ignition support who will attempt to verify your identity.

Frequently Asked Questions

Will using the authenticator app mean that I’m giving private data to a third party?

No, the authenticator app doesn’t connect to your Ignition account in any way. It simply generates a secure time-based passcode that is used in the process of logging in. This means that your account is secure even if someone knows or guesses your password!

I don’t have a smart device. How do I download the authenticator app?

It’s preferable to have the authenticator app on a separate device than your main computer or laptop. But if this isn’t possible, you have the ability to install an app on your laptop or desktop computer. Authy, Microsoft Authenticator and 1Password are some examples of desktop authenticators.

Does my smart device need a signal or internet to retrieve the passcode?

No - once the authenticator app is installed and set up, it will generate new codes that expire in 30 seconds by itself. It does not need a signal or internet connection.

What if I lose or need to update my primary or backup authentication method?

Currently, you cannot manage your 2FA setup within Ignition. If you need to update either your primary or backup method then you can ask your principal user to reset 2FA for your account. Note this action will force you to configure both methods again upon your next login.

Be aware, the principal user will need to have 2FA enabled before being able to reset this for their team members.

If you are the principal user, please contact Ignition support.

Do I need to set up a backup method?

If you are a principal user, you will need to set up a backup method. This reduces the risk of being unable to access your account. This step is optional for other team members as a principal user can reset any team member's 2FA configuration within the app, providing an alternate path of access to their account if necessary. This however is not possible if a principal user is unable to access their account, therefore we require principal users to set up a backup method to reduce the risk of being unable to access their account.

We highly recommend all users set up a backup method.

Did this answer your question?