Multi-Factor Authentication

Auth0 Multi-factor Authentication (MFA) Platform

Beginning on July 28th, 2026 the ONE System will upgrade its Multi-Factor Authentication (MFA) platform to Auth0, a modern, SOC 2–compliant identity platform. This change will bring enhanced security to ONE and is intended to make our data more secure moving forward.

These changes include:

  • A new login screen
  • Required Multi-factor Authentication

Every account will be required to enroll in Multi-factor Authentication (MFA) on their first sign-in after the change on July 28th, 2026. This applies regardless of whether you had Two Factor Authentication (2FA) enabled in ONE previously.

Supported authentication methods at launch include:

  • One-time password via authenticator app (Google Authenticator or Microsoft Authenticator for iOS and Android devices are two popular options).
  • Push notification via the Auth0 Guardian app (download the application for free directly from the Apple App Store or the Google Play Store) 
  • Phone (SMS or voice)
  • Email
You will be able to manage your MFA enrollment directly from your ONE System account settings as of July 28th , 2026. Below are some step-by-step instructions and frequently asked questions (FAQs). If you need additional support, please reach out to the ONE System Help Center Support Desk.

MFA Enrollment Steps

Step 1: Enter your email address on the ONE System sign-in page:

Clarity Login Page

 

Step 2: You will be redirected to the Auth0 login page, where you will enter your ONE System account password:

Auth0 Login Page

 

Step 3: Upon first login with Auth0, you will be prompted to select your authentication method:

Authentication Methods

 

Step 4: Once the authentication method is set up, you will be prompted to re-authenticate the next time you log in:

Re-Authenticate Page

NOTE: If the Remember this device for 30 days option is checked, authentication will only be required after a 30-day grace period. If the Remember this device for 30 days option is not checked, you will be required to authenticate every time you log in.

FAQs

Here is a list of some of the most frequently asked questions regarding this change that may be helpful if you are unsure about any aspects of the change:

Why do I use my email to sign in now?

  • Email is globally unique and doesn't require users to invent or remember a separate identifier. It also enables built-in account recovery via password reset links sent to your inbox.

What is this new login screen? Why was I redirected to another website?

  • Users now enter their email on the ONE System sign-in page, which has the same URL as before. They’ll then be temporarily redirected to Auth0, which handles the rest of the sign-in process. Once authentication completes, users are automatically sent back to ONE.

Why am I being asked to register an MFA device?

  • MFA is now required for all users authenticating to the ONE System and approved third-party applications. On first sign-in after migration, users will be prompted to enroll.

Where did the 2FA toggle in my user settings go?

  • The per-user 2FA enable/disable option has been removed. MFA is now centrally managed with Auth0, and users can manage their enrolled factors in their ONE System account settings.

What if I’ve already set up 2FA in the ONE System?

  • Users who had 2FA enabled with the ONE System before the change will need to set up their MFA again with Auth0.

What if the phone number on my ONE System user profile is different than the number I use for MFA?

  • This will not be an issue. Auth0 does not look at the ONE System user profile and only sees the phone number the user provides during login.

How long does "Remember this device" last?

  • 30 days.