Multi-factor authentication (MFA)

Configure MFA for your user account.

All users are required to use multi-factor authentication (MFA). This guide covers the process of configuring MFA for your account, with frequently asked questions at the end.

Configure MFA

After logging in for the first time with a username and password, you will be taken directly to the Two-factor Authentication tab on the User Settings page. Follow the steps below to configure MFA:

  1. Click Enable Two-Factor Authentication to begin.

    first step of the MFA setup process

  2. Enter your password when prompted, then click Confirm.

    Second step of the MFA setup process

  3. Scan the provided QR code in your chosen Authenticator app, then enter an MFA code from the new entry in the Authenticator and click Confirm.

    third step of the MFA setup process

  4. Copy the provided recovery codes and store them somewhere safe, according to your company's security policies.

    final step of the MFA setup process

With the configuration complete, you will be asked to provide a new one-time passcode from your Authenticator app each time you log in.

FAQs

Why does Medallia require this?

We continuously evaluate our security policies in light of emerging threats and industry best practices. The number of public credential leaks, password reuse incidents, and automated credential-stuffing attacks continues to rise across all industries. We strongly believe that this is the right move to protect our clients' businesses.

The use of MFA has been Medallia's long-standing recommendation listed in our IT Playbook and product documentation portal. Many Medallia clients already use both technologies successfully.

To which Medallia products does this policy apply?

We will implement this policy across all of our products. Clients should take the opportunity to review their practices with their Medallia account team.

What is MFA?

MFA requires a user to verify their access to Feedback using both a password and an out-of-band passcode. This ensures that even if a user's password is compromised, the passcode remains secure and unauthorized access to Feedback is restricted.

Feedback provides support for MFA when a user account is logging in directly. This does not apply to the Genesys Cloud integration, in which users access Feedback within the Genesys Cloud UI.

Feedback supports authenticator applications via industry-standard QR code flows.

How do I implement MFA on my program?

Coordinate with your Medallia Professional Services team, Partner administrator, or Medallia Support if you have further questions.

By when must these be implemented?

MFA must be enabled on all client programs no later than September 1, 2026. We encourage clients to prioritize and finish this project earlier than that date.

If not set prior to the deadline, MFA will be enabled for all roles and users automatically.