## Documentation Index Access the complete documentation index at: https://www.zoho.com/om/books/help/llms.txt Use this file to discover all available documentation pages before proceeding. # Multi Factor Authentication (MFA) for Customer and Vendor Portals Multi-Factor Authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to an account, system, or application. This adds an extra layer of protection beyond just a username and password. This reduces the risk of unauthorized access, even if one factor, like a password, is compromised. Zoho Books allows you to enable Multi-Factor Authentication (MFA) for the Customer and Vendor Portals to enhance account security and protect them from unauthorized access. Your customers and vendors can configure MFA by scanning a QR code using an authenticator app, such as [OneAuth](https://www.zoho.com/accounts/oneauth/) or Google Authenticator. After configuration, they can use the Time-based One-Time Password (TOTP) received in their autheticator app and log in to their portal. **Note:** Once you enable MFA in the Customer Portal, it is applied to all your customers and vendors as the Portal Name and URL is same for both customer and vendor portals. ## Enable MFA in Customer Portal Preferences To enable MFA in the Customer Portal _Preferences_ page: * Go to **Settings**. * Select **Customer Portal** under _Preferences_. * Check the **Enable multi-factor authentication (MFA)** option. * Click **Save**. MFA will be enabled for both customer and vendor portals. ## How Customers and Vendors Can Configure MFA **Prerequisite:** Download an authenticator app (such as OneAuth or Google Authenticator) from the Google Play Store or the App Store. Once you enable MFA for the customer and vendor portals, your customers and vendors can use an authenticator app (such as OneAuth, Google Authenticator) to configure it themselves. To configure MFA, they should: * Navigate to the customer or vendor portal **Login** page. * Enter their credentials. * Click **Configure** in the _Enable MFA for their account_ page. * Scan the QR code using their authenticator app. **Insight:** They can also manually enter the authentication code received in their authenticator app. * Click **Next** once they get the OTP on the authenticator app. * Enter the OTP from the authenticator app. * Click **Verify**. * Click **Enable MFA**. Now, your customers and vendors can log in to their portal using the TOTP received in their authenticator app. ## Reset MFA for Customers and Vendors If a customer or vendor loses access to their authenticator app and does not have backup codes, you can reset MFA for them. Here’s how: * Go to _Sales_ on the left sidebar and select **Customers**, or go to _Purchases_ on the left sidebar and select **Vendors**. * Select the required customer or vendor. * Click the _Gear_ icon next to their email address in the customer’s or vendor’s _Details_ page, and select **Reset Portal MFA** from the dropdown. MFA will be reset for the respective customer or vendor, and they will have to [configure](/om/books/help/customer-portal/multi-factor-authentication.html#customer-config) it again to log in to their portal. ## Disable MFA in Customer Portal Preferences **Note:** If a customer or vendor has already configured MFA, they must use TOTP to log into their portal, even after MFA is disabled. To disable MFA for these customers or vendors, you can [reset](/om/books/help/customer-portal/multi-factor-authentication.html#reset) it. To disable MFA in the Customer Portal _Preferences_ page: * Go to **Settings**. * Select **Customer Portal** under _Preferences_. * Uncheck the **Enable multi-factor authentication (MFA)** option. * Click **Save**. MFA will be disabled in the Customer Portal _Preferences_ page for both customer and vendor portals.