Previously, setting up multi-factor authentication (MFA) has been optional but recommended. However, in alignment with emerging industry standards, and to help keep your firm’s data as secure as possible, MFA will soon become a requirement for all password-based users. The rollout of this requirement will begin the week of December 8, 2025.
This article discusses what users can expect starting December 8, along with the steps they can take to avoid disruption. We’ll also share some helpful resources for Account Admins to prepare and support their team through this transition.
Why MFA is critical to your organization’s security
In the current era of sophisticated phishing schemes, fraud, and automated cyberattacks, a password alone is no longer enough to keep your account secure. If even one user’s password is compromised, the results can be catastrophic.
Simply adding a second verification step to the login process can prevent more than 99% of account-related attacks. As your trusted legal tech partner, Filevine is committed to helping safeguard your organization from these risks.
Training Video
Watch the Filevine training team’s step-by-step guide to Filevine’s MFA.
Watch the embedded video below, or open the video in a new tab with a transcript.
What’s Changing
Starting the week of December 8, password-based users who have not yet enabled MFA will see the following prompt during login:
After clicking Set Up MFA, they will first be prompted to enter a verification code from their email. For this reason, all users must have access to the email address associated with their Filevine login.
Once verified, they must choose at least one of the following options as an additional verification method:
- Text Message (SMS): the user will receive a one-time verification code via text message.
- Authenticator App: the user will receive a verification code generated by a mobile authenticator app of their choosing.
To learn more about these options, read the Multi-Factor Authentication section of the Account Manager: Security article.
Once MFA setup is complete, users will be prompted to enter their username, password, and a verification code from one of their chosen methods during login.
How to Prepare
This transition will not impact the following types of users:
- Password-based users who have already set up MFA
- SSO-enabled users who sign in using an external identity platform rather than a Filevine-specific password
To avoid disruption, we strongly encourage all password-based users to enable MFA before the week of December 8. Here’s how to check whether you have already set up MFA for your Filevine profile.
-
Open Account Manager. Select your profile picture in the top right corner, and then click Manage My Account to launch the Account Manager tool.
-
Navigate to the Security section. In the lefthand side menu, select Security. This section allows you to change your password and set up MFA.
-
Click Edit. Under the Multi-Factor Authentication heading, click Edit. For added security, you will be prompted to reverify your identity before proceeding.
-
Make sure at least one verification method is enabled. Under the Multi-Factor Authentication heading, two verification methods are listed: Authenticator App and Text Message (SMS). Methods with a Set Up button have not yet been enabled. If at least one method is enabled, no further action is required.
If no verification methods are enabled yet, follow the steps in the Account Manager: Security article to set up at least one method.
Account Admin Resources
Get ahead of the curve and avoid interruptions for your team by encouraging them to act now and enable MFA early. Expand each item in the list below to learn more about how to prepare your team for this transition.
Identify Impacted Users
Account Admins can use the Account Manager tool to identify which of their users have not yet configured MFA. Follow the steps below to identify these users.
Note
As a reminder, SSO-enabled users, as well as password-based users who already enabled MFA, are not impacted by this transition.
-
Open Account Manager. Select your profile picture
in the
top right corner, and then click Manage My Account
to launch
the Account Manager tool.
- Navigate to the Users section. In the lefthand side menu, select Users. This section allows you to view and manage your users’ access and authentication levels. (If you don’t see this section in Account Manager, you do not have Account Admin permissions.)
-
Filter by Login Type: Password and MFA Status: Disabled.
In the Users tab, locate the Filters sidebar on the lefthand
side. Expand
the “Login Type” dropdown and select Password.
Expand the
“MFA Status” dropdown and select Disabled.
These steps will provide you with a filtered list of password-based users who have not yet enabled MFA.
We recommend instructing these users to enable MFA before the week of December 8, 2025 to avoid interruptions following that date. They can follow the steps in the Account Manager: Security article to complete this setup.
Use Unique Emails
In order to set up MFA, users will be required to enter a verification code sent to their email address. If users cannot access that inbox, they will be unable to sign in after rollout begins.
Going forward, it is recommended that all users have their own unique email address and avoid using shared email accounts. This approach is a best practice not only for MFA, but for better data integrity—allowing for more transparent audit records that clearly identify which individuals took certain actions.
For users that will need to update their email address, there are two options available.
- Option 1: instruct the user(s) to change the email on file for their account. They can complete this action in the Profile section of the Account Manager tool. This option is ideal if you want to preserve the user’s permissions, assignments, and audit history.
- Option 2:invite the user(s) to access Filevine using their unique email address. Keep in mind that this action will create an entirely new user profile, and you will need to reconfigure the user’s permissions and assignments. This option may be ideal if the original account was used by multiple individuals and is not a direct 1:1 transfer.
Whitelist Verification Emails
In order to set up MFA, users will be required to enter a verification code sent from reminders@filevine.com.
Make certain this email address is whitelisted as a trusted sender for your organization. Otherwise, users who are unable to receive these verification codes will be unable to sign in after rollout begins.
Comments
0 comments
Article is closed for comments.