Multi-Factor SMS Authentication with Dialpad

Keeping users secure is essential. Multi-factor authentication (MFA) adds an extra layer of protection by requiring users to verify their identity through multiple methods, reducing the risk of fraud and compromised accounts.

Dialpad’s SMS MFA solution is simple yet effective, sending a verification code directly to a user’s SMS number for quick and secure access.

Who can use this
Multi-factor authentication (MFA) is mandatory for all Dialpad users who are not using one of our SAML or SSO integrations.
You can use email MFA or SMS MFA, or both.
SMS MFA is currently available in Australia, Canada, Japan, and the United States.
MFA is supported on all of Dialpad’s desktop, web, and mobile apps (Android & iOS).
To use this feature on the mobile app, ensure you're on Dialpad version 30.0.0 or higher for iOS and 27.0.0.5 or higher for Android.

How SMS multi-factor authentication works

Once your Dialpad Company Admin has enabled multi-factor authentication (MFA), each time a Dialpad user signs in with their email and password, they’ll receive an SMS with a one-time password (OTP).

Enter the verification code sent to your phone to proceed with authentication.

Once they’ve verified the OTP, they can log into Dialpad.

When MFA is required for all users, users must complete MFA registration upon their next login to any Dialpad app or the Admin Portal.

Authentication options for logging in without MFA setup, including SMS and email verification methods.

Note
Users must use their personal numbers to set up SMS MFA; Dialpad account phone numbers can’t be used for SMS MFA.

Add user to MFA exception list

Sometimes, a user might not have access to SMS messaging to receive the one-time code. Company Admins can create exceptions that let specific users skip the MFA process.

To add a user as an MFA exception, head to your Dialpad Admin Settings.

Select My Company
Select Authentication > MFA
In the Exception List, select Add User
In the Add users to the exception list window, enter the user’s name in the search bar
Select Add users

Note
You can’t add Admins (Regional, Office, or Company) to the Exception List.

The user(s) are displayed in the Exception List.

A view of the Exception List for MFA authentication.

Remove user from MFA Exception List

Company Admins can remove users from the Exception List at any time.

To remove a user from the MFA Exception List, head to your Dialpad Admin Settings.

Select My Company
Select Authentication > MFA
In the Exception List, select Remove beside the user you want to remove

Unlock a user

If a user has locked themselves out by entering the incorrect one-time password 5 times, admins can manually unlock the user.

To unlock a user, head to your Dialpad Admin Settings.

Select Office Settings > Users
Go to the user and select Options > Admin > Unlock account access

Setting up a phone number for SMS MFA

Users need to set up SMS MFA using their personal phone number to receive an OTP code when logging into Dialpad.

To add a phone number for SMS MFA, go to Your Settings.

Navigate to Multi-Factor Authentication
In Available Methods, select Set Up for the Text Message (SMS) option
In the SMS authentication setup window, enter your phone number and select Send Code
In the verification window, enter the code sent to your personal mobile and select Submit

Setting up a preferred MFA Method

Users can choose which MFA method they want to use as their primary option.

To set a preferred MFA method, head to Your Settings.

Navigate to Multi-Factor Authentication
In Available Methods, select Options > Set as preferred for your primary MFA method
In the confirmation window, select Confirm

A Preferred badge displays next to the desired MFA option.

Frequently asked questions

What if I enter the wrong verification code?

Dialpad gives you 4 chances to enter the verification code before resending the code.

30 seconds after the first code is sent, the resend-code button is enabled.

After 8 incorrect entries, you’re locked out of your account for 20 minutes.

Account blocked message indicating identity verification failure and next steps for users.

What if I don’t have access to SMS messaging?

If you can’t access SMS messages to receive the verification code, contact your Company Admin to have them add your profile to the exclusion list. Then, you’ll be able to log in without MFA.

Does the one-time password expire?

Yes. The one-time password code will expire in 10 minutes. Once expired, it can not be used to verify multi-factor authentication, and you’ll need to request a new code.

Can I change the phone number used to receive the code?

No. The one-time password will be sent to the user's primary phone number registered at Dialpad.

What if there is an outage with my phone carrier?

If your phone carrier is experiencing an outage, you can turn on email MFA so users can still log in to Dialpad.

To turn on email MFA, go to your MFA settings and select Turn Off beside SMS. Email MFA will automatically turn on.

The different MFA options are shown, with the option to turn one method off highlighted.

What if I don’t receive the verification SMS message?

If you don’t receive the verification SMS message, try switching to email verification. If that doesn’t work, contact our Customer Care team to verify that it was sent successfully.

How can I share my feedback?

To provide feedback on SMS MFA, please contact our Customer Care team or your Customer Success Manager.