Index
General & Setup Questions
o What is MFA and why do I need it?
o How do I get started with the easiest method?
o Can I add other methods like SMS or an app?
System Scope & Session Timing
o Is MFA being switched on for ALL Cotality systems?
o When will I be prompted for MFA?
o What happens if I log out?
o What if I am still prompted for MFA when switching apps?
Account Limits & System Settings
o How many MFA methods can I have?
o What happens if I enter the wrong code too many times?
o What is the daily limit for passcodes?
o Can an individual MFA method be locked?
o How long is a passcode valid?
o How long does a lockout last?
o How many times can I click "Resend"?
o Will I be notified if a new device is added?
o Why does my email address keep appearing even if I remove it?
Error Messages
o “OTP Daily Limit Reached”
o “Account Locked”
o “MFA Method Locked”
o “Passcode Has Expired”
o “Too Many Attempts to Send a Passcode”
o “User-Level MFA Disabled”
Troubleshooting & Support
o I didn’t receive my passcode. What should I do?
Answers
General & Setup Questions
What is MFA and why do I need it?
Multi-Factor Authentication (MFA) is a security process that requires you to provide two things when you sign in:
1. Your password, and
2. A one-time passcode sent to a device you own (such as your email, phone, or authenticator app).
This greatly reduces the risk of unauthorised access, even if someone knows your password.
________________________________________
How do I get started with the easiest method?
The quickest way to get started is with Email One-Time Passcode (OTP):
1. Log in with your usual credentials.
2. When prompted for MFA, select Email as your method.
3. Enter the 6-digit code sent to your inbox.
________________________________________
Can I add other methods like SMS or an app?
Yes. In addition to Email, you can register:
• Text message (SMS)
• An Authenticator App (such as Google Authenticator or PingID)
You can add these by clicking Manage Devices during the login process and following the prompts.
System Scope & Session Timing
Is MFA being switched on for ALL Cotality systems?
Currently, MFA is being enabled for Banking & Finance apps (e.g., ValEx, goVAL WEB, goVAL APP, PHUB). RP Data is not included in this current rollout.
________________________________________
When will I be prompted for MFA?
You will need to complete MFA if you do not have an active session. Once you have logged into one Cotality app, logging into another app in the same browser will not require MFA because the session is maintained through cookies.
________________________________________
What happens if I log out?
If you log out of an application, your session is revoked. You will be required to go through the MFA process again for your next login.
________________________________________
What if I am still prompted for MFA when switching apps?
Upon the first implementation of MFA, you may need to clear your browser cache to ensure the session cookies work correctly across different apps and avoid redundant MFA prompts.
Account Limits & System Settings
How many MFA methods can I have?
You can register up to three MFA methods in total, with one of each type:
• One Email
• One SMS
• One Authenticator App
________________________________________
What happens if I enter the wrong code too many times?
If you enter incorrect passcodes repeatedly:
• Your account will be locked after 5 failed MFA attempts (across all methods).
________________________________________
What is the daily limit for passcodes?
There is a daily cap of 20 One-Time Passcodes (OTPs) that can be sent to you per day (across all methods).
________________________________________
Can an individual MFA method be locked?
Yes. Each MFA method has its own lockout threshold:
• A specific method (for example, Email or SMS) will be locked after 3 failed passcode attempts for that method.
You can still try another registered method if available.
________________________________________
How long is a passcode valid?
Each passcode is valid for 5 minutes from the time it is generated.
________________________________________
How long does a lockout last?
If your account is locked due to too many failed MFA attempts:
• It will be automatically unlocked after 600 seconds (10 minutes).
________________________________________
How many times can I click "Resend"?
You can click Resend up to 5 times for a passcode. After that limit, you will no longer be able to request more codes for that period.
________________________________________
Will I be notified if a new device is added?
Yes. Whenever a new device is paired with your account:
• You will receive a notification by email, or
• By SMS if email is unavailable.
________________________________________
Why does my email address keep appearing even if I remove it?
Your email address from CLAUD is automatically provisioned as an MFA method:
• If you remove or change it in CLAUD, it will be re-added the next time you log in.
Error Messages
Note: Error pages currently use the default PingOne MFA template. They will soon be updated to match the Cotality template.
“OTP Daily Limit Reached”
You have exceeded the 20-passcode daily limit. Please try again tomorrow.
________________________________________
“Account Locked”
You have reached the maximum of 5 failed MFA attempts.
Your account will automatically unlock in 10 minutes.
________________________________________
“MFA Method Locked”
The specific MFA method you’re using has been locked after 3 failed passcode entries.
Please switch to a different registered method.
________________________________________
“Passcode Has Expired”
The 5-minute validity window for that passcode has passed.
Please request a new code and try again.
________________________________________
“Too Many Attempts to Send a Passcode”
You have reached the maximum of 5 "Resend" attempts for a passcode.
________________________________________
“User-Level MFA Disabled”
MFA has been disabled for your account in the PingOne Console.
Please contact support for assistance.
Troubleshooting & Support
I didn’t receive my passcode. What should I do?
• Check your Spam/Junk folder
Make sure the email containing your passcode did not land in your spam or junk folder.
• Wait and Retry
If the code doesn’t arrive right away, wait for the 30-second timer to finish, then click Resend.