🔒Security

Hyperfox manages all user accounts locally within the application. There is no external identity provider or single sign-on (SSO) integration yet (planned 2026) — each user account is created and maintained directly in the system.

User Management

User accounts are managed by administrators within the Hyperfox admin panel. To manage your own account settings, click the user icon in the top-right corner and select Profile.

From the profile page you can:

Change your password
Manage multi-factor authentication (MFA)

Password Policy

All user passwords must meet the following requirements:

Requirement

Detail

Minimum length

12 characters

Letters

Must contain at least one letter

Mixed case

Must contain both uppercase and lowercase letters

Numbers

Must contain at least one number

Symbols

Must contain at least one special character

These rules are enforced on both password creation and password changes.

Multi-Factor Authentication (MFA)

Hyperfox supports time-based one-time password (TOTP) multi-factor authentication.

How TOTP Works

TOTP generates a short-lived six-digit code that refreshes every 30 seconds. The code is derived from a shared secret between the server and your authenticator app, combined with the current time. Because both sides use the same secret and clock, they independently produce the same code — no network connection to the server is needed to generate it.

Setting Up MFA

Click on the user icon and click on Profile.
Click the option to enable two-factor authentication.
A QR code will be displayed on screen. Scan this QR code with a compatible authenticator app such as:
- Google Authenticator
- Microsoft Authenticator
- Authy
- 1Password
- Any TOTP-compatible app
Enter the six-digit code from your authenticator app to confirm the setup.
Once confirmed, a set of recovery codes will be displayed. Store these in a safe place.

Logging In with MFA

After entering your email and password, you will be prompted for a second factor. Open your authenticator app and enter the current six-digit code to complete the login.

Recovery Codes

During MFA setup, Hyperfox provides a set of single-use recovery codes. These codes allow you to log in if you lose access to your authenticator app (e.g. lost or replaced phone).

Important:

Each recovery code can only be used once.
Store your recovery codes in a secure location (e.g. a password manager or printed in a safe place).
If you lose both your authenticator device and your recovery codes, contact your administrator to have MFA reset on your account.

Enforcing MFA

Tenant administrators can enforce MFA for all users within their tenant. This setting is found under Admin Settings > Security.

Once enabled, any user who has not yet configured MFA will be required to set it up on their next login before they can access the platform. Users will be redirected to the MFA setup flow and cannot proceed until two-factor authentication is fully configured.

PreviousHyperfox Documentation NextCustom Integrations

Last updated 5 days ago

Good morning

hashtagUser Management

hashtagPassword Policy

hashtagMulti-Factor Authentication (MFA)

hashtagHow TOTP Works

hashtagSetting Up MFA

hashtagLogging In with MFA

hashtagRecovery Codes

hashtagEnforcing MFA