Manage authentication settings for your team & clients

Learn how authentication works for your firm, how to require two-factor authentication (2FA) for team members and clients, and how to help users who lose access.

Note

This article is for the firm owner and admins only.

Authentication at TaxDome, explained

TaxDome requires email verification when users sign in. After entering their password, users receive a one-time code via email to verify their identity.

For enhanced security, you can require two-factor authentication (2FA) using an authenticator app for your team members and/or clients. This method offers stronger protection than email verification because codes are generated on users’ devices rather than sent via email, making them immune to email interception or phishing attacks.

All users can also enable SMS as a backup option in their accounts .

Info

Mandatory email verification is enabled for all TaxDome users. If you already have 2FA configured or using Google account to sign in, your current setup will continue to work.

Authentication methods

• Email verification (mandatory) : A 6-digit code is sent to users’ registered email address each time they log in. This method is enabled automatically and requires no setup.
• Two-factor authentication (2FA) via authenticator app: Users generate verification codes using apps like Google Authenticator or Microsoft Authenticator. This method offers stronger protection and faster access. You can require this method for team members and/or clients.
• SMS (backup option) : All users can configure their mobile number to receive codes via text message as a backup when email or authenticator app is unavailable. For clients who haven’t enabled SMS backup, TaxDome automatically suggests a phone number from their contact information when they request an SMS code during sign-in and saves it after verification. SMS backup is not available for users in the EU.

You cannot disable email verification for your firm—it is required for all users. However, users can skip verification for 30 days when accessing from the same device by selecting the Remember this device option during sign-in .

Abuse prevention

TaxDome includes configurable security limits to prevent abuse:

• Code request limits: Users can request a limited number of verification codes per sign-in attempt
• Entry attempt limits: After a certain number of incorrect code entries, users must request a new code
• Code expiration: Verification codes expire after a set timeframe
• Different limits: Email codes and SMS codes have separate rate limits
• Method switching: When users exhaust limits for one method, they’re offered to switch to another available method
• Account protection: Users who exceed limits for both email and SMS are temporarily blocked and must contact you or your team for assistance

Require authenticator app 2FA for team members and clients

By default, all users have email verification enabled. However, you can require a more secure authentication method by making authenticator app 2FA mandatory for your team members and/or clients.

To require authenticator app 2FA:

1. Go to Settings > Firm settings from the left sidebar menu.

2. In the Two-factor authentication (2FA) section:

a. Select the Enable authentication via app for team members checkbox.

Warning

Once saved, all firm members, including admins and the firm owner, will be required to set up an authenticator app. Email verification won’t work anymore.

b. (Optional) You can apply this requirement starting from a specific date (delayed start) for team members. This gives your team time to set up their authenticator apps in advance.

c. Select the Enable authentication via app for clients checkbox.

d. (Optional) You can apply this requirement starting from a specific date (delayed start) for clients.

3. Click Save to apply the changes.

If you set a delayed start date, team members and clients will see an alert in the portal prompting them to set up their authenticator app before the enforcement date.

Starting from the selected date, users must set up an authenticator app and enter a code from the app when logging into the portal. Email verification codes will no longer be accepted, though SMS backup can still be configured as a backup option.

Note

Disabling the authenticator app 2FA requirement does not remove 2FA for clients or team members who have already configured it—they will continue to sign in using their authenticator app. To remove 2FA for an individual user, use the Reset two-factor authentication option.

Configure troubleshooting email

By default, the firm owner receives notifications when team members or clients request authentication assistance. You can designate someone else to receive these requests:

1. Go to Settings > Firm settings from the left sidebar menu.

2. In the 2FA troubleshooting section, enter the email address.

3. Click Save.

This email will receive notifications when users click Contact us during sign-in issues.

Temporarily disable email 2FA (one-time access)

Firm owner or admin can allow a team member or client to sign in once without entering a verification code. This is helpful when they can’t receive codes via email or SMS but need immediate access.

The bypass is valid for a single use. After signing in, the user is prompted to set up an SMS backup for future emergencies, ensuring they have an alternative verification method available. They will be prompted for email verification codes again on their next login.

Warning

This is a potentially dangerous operation that temporarily reduces account security. Use this feature only when absolutely necessary.

For team members

1. Go to Settings > Team & plans from the left sidebar menu.

2. Open the Team members tab.

3. Click the three dots to the right of the team member’s name and select Temporarily disable email 2FA.

4. Click Confirm.

For clients

1. Open the client profile and switch to the Info tab.

2. In the Contacts section, find the email address with sign-in issues.

3. Click the three dots next to the email address and select Temporarily disable email 2FA.

4. Click Confirm.

If the disable option is greyed out, it means the employee is not an admin or firm owner .

Reset authenticator app 2FA

If a team member or client has 2FA enabled via an authenticator app and loses access to it, the firm owner or admin can reset their authenticator-app 2FA settings. This removes their current authenticator app configuration.

On their next sign-in, the user will be prompted for email verification codes instead. If your firm requires 2FA , they will see the setup screen and must configure their authenticator app again.

For team members

1. Go to Settings > Team & plans from the left sidebar menu.

2. Open the Team members tab.

3. Click the three dots to the right of the team member’s name, and select Reset two-factor authentication.

4. Click Confirm.

For clients

1. Open the client profile and switch to the Info tab.

2. In the Contacts section, click the three dots next to the contact’s email address.

3. Select Reset two-factor authentication.

4. Click Confirm.

If the disable option is greyed out, it means the employee is not an admin or firm owner .

Change email address for verification codes

If a team member or client isn’t receiving email verification codes, you can update their email address. Verification codes will be sent to the new email address.

For team members

1. Go to Settings > Team & plans from the left sidebar menu.

2. Open the Team members tab.

3. Click the team member’s name to open their profile.

4. Update the Email field under Login details.

5. Click Save.

For clients

1. Open the client profile and switch to the Info tab.

2. In the Contacts section, click the three dots next to the contact.

3. Select Edit contact.

4. Update the email address.

5. Click Save.

Share

Link copied