# Multi-Factor Authentication (MFA) If your organization has implemented Single Sign-On (SSO) with Spark it is recommended to take advantage of the added security benefits offered by Multi-Factor Authentication (MFA) provided by customer's organization. ## Prerequisites Before proceeding with the setup, ensure that these prerequisites are also met: 1. **Local account**: Ensure that a local account has been setup on Spark, see [Manage users](/tenant-administration/manage-users.md). 2. **Mobile Authenticator App:** An must be installed on your mobile device. Some options include: * **FreeOTP** Google Play Store: [FreeOTP Authenticator](https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp) Apple App Store: [FreeOTP Authenticator](https://apps.apple.com/us/app/freeotp-authenticator/id872559395) * **Google Authenticator** Google Play Store: [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2) Apple App Store: [Google Authenticator](https://apps.apple.com/us/app/google-authenticator/id388497605) * **Microsoft Authenticator**\ Google Play Store: [Microsoft Authenticator](https://play.google.com/store/apps/details?id=com.azure.authenticator) Apple App Store: [Microsoft Authenticator](https://apps.apple.com/us/app/microsoft-authenticator/id983156458) ## Secure Spark local accounts with Multi-Factor Authentication `tenant-admin` users can enforce MFA on local accounts through the [Manage users](/tenant-administration/manage-users.md) screens. 1. During the user creation journey, there is an option to *Require Multi-Factor Authentication*. Enable this option. 2. When the user logs in for the first time, they will be prompted to open the Authenticator App and to scan the provided QR code. 3. Input the generated by the authenticator app into the *One-time code* field. 4. Under *Device Name* enter a name to identify the device that is being used. 5. Click **Submit**. 6. For each subsequent login, the user will be prompted to provide the one-time password from the authenticator app. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.coherent.global/identity-and-access-management/multi-factor-authentication-mfa.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.