Important — 2FA must be enabled by the IndyForms support team
You cannot enable 2FA yourself from your account settings. To get started, start a support chat within IndyForms or email [email protected]
Quick overview
This article covers: what 2FA is, who can use it, how to request it, the setup walkthrough, logging in with 2FA, and what to do if you’re locked out.
What is 2FA?
Two-Factor Authentication (2FA) adds a second verification step when you log in, on top of your password. Even if someone knows your password, they cannot access your account without also having your verification code.
When 2FA is enabled, logging in requires:
Something you know — your IndyForms password
Something you have — a time-sensitive 6-digit code from your authenticator app
This is especially important for Administrator users who manage sensitive data, user access, and account settings across their organisation.
Who Can Use 2FA?
2FA is currently available for Administrator users (Admin Licence holders) only.
This is because Admins have the highest level of access in IndyForms — they can manage users, view all forms, and control account settings. Securing Admin accounts with 2FA protects your entire organisation.
Not an Admin?
If you’re a general user and want 2FA enabled on your account, speak to your organisation’s IndyForms Administrator or contact our support team to discuss your options.
Before You Set Up 2FA
Before requesting 2FA activation, make sure you have an authenticator app installed on your mobile device. Any TOTP-compatible app will work, including:
App | Platform |
Google Authenticator | iOS, Android |
Microsoft Authenticator | iOS, Android |
Duo Mobile | iOS, Android |
How to Request 2FA Activation
2FA is enabled by the IndyForms support team. Here’s how to request it:
Contact us via support chat in the IndyForms messenger button or by emailing [email protected].
In your message, let us know you’d like 2FA enabled on your IndyForms account.
Our team will activate 2FA and let you know when it’s ready. You’ll then be prompted to complete setup next time you log in.
Setting Up 2FA for the First Time
Once our team has activated 2FA on your account, here’s what happens the next time you log in:
Step 1 — Log in as normal
Go to the IndyForms login page and enter your email and password as usual.
Step 2 — You’ll see a QR code screen
A QR code will appear on screen. This only appears once during the initial setup.
Step 3 — Scan the QR code
Open your authenticator app on your phone.
Tap Add account or the + button.
Select Scan a QR code and point your camera at the code on screen.
Your app will add IndyForms as a new account and immediately show a 6-digit code.
Can’t scan the QR code?
Most setup screens also offer a manual entry option. Tap “Enter setup key manually” in your authenticator app and type in the code shown beneath the QR code.
Step 4 — Enter your first verification code
Type the 6-digit code from your authenticator app into the verification field and click Verify. This confirms the setup is working correctly.
Heads up
TOTP codes refresh every 30 seconds. If the code expires before you enter it, simply wait for the next one to appear and use that instead.
Step 5 — You’re set up
2FA is now active on your account. From this point on, you’ll be prompted for a verification code each time you log in.
Logging In With 2FA
Once 2FA is enabled, your login flow will look like this every time:
Go to app.indyforms.com and enter your email and password.
When prompted, open your authenticator app and find the IndyForms entry.
Enter the 6-digit code shown. Remember, codes refresh every 30 seconds — if yours is about to expire, wait for a fresh one.
Click Verify. You’ll be logged in.
Clock sync matters
TOTP codes are time-based, so if your device’s clock is out of sync, your codes won’t work. Make sure your phone has “Set time automatically” turned on in your date and time settings.
Lost Access to Your Authenticator App?
Act quickly
If you’ve lost access to your authenticator app, contact us as soon as possible. The sooner we know, the faster we can secure and restore your account.
Common scenarios
Lost or broken phone: Contact our support team immediately via [email protected]. We will verify your identity and reset your 2FA so you can set it up again on a new device.
New phone (planned upgrade): Before switching devices, transfer your authenticator accounts using your app’s backup or migration feature (see your app’s help docs). Apps like Authy and 1Password make this straightforward.
Deleted the app by accident: If you don’t have a backup, contact support and we’ll reset your 2FA so you can re-enrol.
What to expect from our support team
When you contact us about a lost authenticator, we’ll:
Verify your identity using your account details.
Disable 2FA on your account temporarily.
Let you know once it’s safe to log in and re-enrol.
Typical response time is within 1 business day. For urgent situations, please start a live support chat within IndyForms for a faster response.
Frequently Asked Questions (FAQs)
Q. Can I enable 2FA myself without contacting support?
No — 2FA must be activated by our support team. Once activated, you complete the setup yourself at your next login. This is a one-time process.
Q. Is 2FA available for non-Admin users?
Not currently. 2FA is available for Administrator (Admin Licence) users only. If you’d like to discuss extended 2FA availability for your organisation, get in touch with our team.
Q. Do I need to enter a code every single time I log in?
Yes — once 2FA is enabled, a verification code is required at every login. This is intentional and cannot be bypassed, as it’s what makes 2FA effective.
Q. What if my verification code doesn’t work?
Make sure your device’s clock is set to update automatically (time-based codes fail if the clock is wrong).
Check you’re using the IndyForms entry in your app, not a different account.
If the code is about to expire (the countdown timer is nearly done), wait for a fresh code and try again.
Still not working? Email [email protected] and our team will help.
Q. Can I use 2FA with Microsoft, Google, or Apple SSO?
If you log in via SSO, your identity is already verified by your SSO provider. 2FA within IndyForms applies to email/password logins only. For SSO accounts, security is managed through your SSO provider’s own settings.
💡 IndyTips
Keep your device’s clock on automatic: TOTP codes are time-sensitive. An out-of-sync clock is the most common reason codes fail.
Don’t share your authenticator device: Anyone with access to your authenticator app can access your IndyForms account.
Plan ahead when switching phones: Use your app’s migration feature before handing in or wiping your old device.
Enable 2FA for all Admin users: If your organisation handles sensitive or confidential information, we strongly recommend enabling 2FA for every Administrator account.