Set Up MFA on Your Account

Who this guide is for

All roles. Business Owners and Admins should set MFA up first because several MFA-gated actions are restricted to those roles.

Overview

Add a second factor — passkey, authenticator app, or phone approval — so your account is protected even if your password is compromised. MFA is also required for inviting users, uploading supplier invoices, connecting Xero, connecting Stripe, and changing your plan or billing.

Before you start

You need a registered MyApprentice account and to be signed in. Have one of the following ready: an iPhone with the MyApprentice app installed (for the iOS app code method — recommended), a device with biometrics or a device PIN (for a passkey), an authenticator app on your phone, or a mobile device that can receive push approvals.

Steps

1. Select the gear icon (⚙) in the top-right corner of the header. The Customisation page opens.
2. Open the Security tab.
3. Choose at least one method:
   • iOS app code (Recommended). Open your iPhone camera and scan the QR code shown on the Security tab. The App Store opens to the MyApprentice app — install it and open the app. Sign in with the same credentials you used at sign-up. The app displays a 4-digit code. Enter the 4-digit code into the field on the right of the Security tab to verify the two devices.
   • Passkey (alternative). Select Set up Passkey and follow your browser or device prompts (Face ID, fingerprint, or device PIN).
   • Authenticator app. Select Setup authenticator app, scan the QR code with your app, and enter the 6-digit code to confirm. Save the backup codes the app issues.
   • Phone approval. Select Phone approval and follow the prompts to link your mobile. From then on, sign-ins from an unrecognised device send an approval push to that phone — open the push and tap Approve to complete sign-in.
4. (Optional) Rename the registered device so it is easy to identify.
5. (Recommended) Set up a second method as a backup.

Remove or rename a registered device

1. Open Customisation → Security.
2. Find the device labelled My device under one of the MFA methods.
3. Select Rename to update the label, or Remove to deregister the method.
4. If this is your only MFA method, register a new method before removing the old one so you do not lock yourself out.

What happens next

You will be asked for a second factor when signing in from a new device or after the MFA recency window expires. MFA-gated actions (invite users, upload supplier invoices, connect Xero, connect Stripe, change plan or billing) will now work.

Common Issues

• Passkey setup will not start. Confirm your browser supports passkeys (current versions of Chrome, Safari, Edge, or Firefox). If it doesn’t, use the authenticator app or phone approval option instead.
• Locked out after removing the only MFA method. Use Forgot your password on the sign-in screen — you’ll be prompted to set MFA up again after the reset. See Recover access after MFA device loss.
• Asked for MFA more often than expected. Business Owners and Supervisors have a shorter recency window than other roles — this is intentional for privileged accounts.

Related guides

Sign In to MyApprentice, Sign In with Google, Microsoft, or Apple, Invite a team member, Connect Xero, Review your subscription and billing.