Increase the security of your access to the reev Platform by requiring a second authentication method when signing in.
Overview
Multi‑Factor Authentication (MFA) provides additional protection for all user accounts on the reev Platform.
In addition to an email address and password, a second code from an authenticator app is required to verify identity.
1. Configure MFA for Your Organisation
Set the MFA policy centrally at the organisational level to ensure a consistent security standard.
Steps
Log in to the reev Platform using a system user account.
Navigate to Administration → Security Settings.
In the Multi‑Factor Authentication Policy (MFA Policy) section, choose one of the following options:
Disabled – MFA is turned off; users cannot enable it.
Enabled – MFA is optional; users can enable it individually.
Forced – MFA is mandatory; all users must set up MFA at their next login.
Note: In multi‑account environments, the policy is defined on the parent reev Platform and automatically applies to all child platforms.
2. How MFA Works for Users
When MFA is Enabled (optional)
Each user can activate MFA in their personal settings on the reev Platform:
Scan the QR code using an authenticator app (e.g. Google Authenticator, Microsoft Authenticator).
Enter the one‑time verification code from the app.
Save the displayed backup codes securely.
At every login, the following is required:
Email address and password, and
A 6‑digit code from the authenticator app (or a backup code).
Users can disable MFA again as long as the organisational policy remains Enabled (optional).
When MFA is Forced (mandatory)
Users who have not yet set up MFA are automatically guided through the setup process during their next login.
Setup process:
Log in with email address and password.
Scan the QR code with an authenticator app.
Enter the 6‑digit verification code.
Download, copy, or print the backup codes.
Important:
MFA cannot be disabled while the policy is set to Forced.
If the policy is changed to Disabled, MFA will no longer be required for future logins.
3. Backup Codes and Account Recovery
When MFA is activated, each user receives a fixed set of single‑use recovery codes:
These are displayed only once during setup.
They can be copied, downloaded, or printed.
If a user loses access to their authenticator app (for example, due to a lost or replaced device), they can log in using one of these backup codes.
Each code is valid only once.
Recommended best practices:
Store the backup codes in a secure location (e.g. password manager or printed copy).
Keep the codes separate from the smartphone used for authentication.
4. Scope and Availability
MFA applies exclusively to reev Platform (web access) users.
The Driver App is excluded to keep the experience simple for end users.
MFA is available in all standard licence tiers – there are no additional licence costs.
5. Recommended Rollout Strategy for CPOs
Many Charge Point Operators (CPOs) implement MFA gradually to ensure a smooth transition.
Planning and Communication
Decide whether MFA should first be optional or immediately mandatory.
Inform internal teams (e.g. operations, finance, fleet management) about:
The activation timeline,
Supported authenticator apps, and
How to store backup codes securely.
Soft Rollout (Recommended)
Initially set the policy to Enabled (optional).
Encourage all users to activate MFA during this phase.
Provide short internal guides or screenshots to assist with setup.
Mandatory Rollout
Afterwards, change the policy to Forced to ensure full coverage.
Monitor support requests related to lost devices or backup codes and adjust internal processes accordingly.