Helpful Hint – Setting up Two Factor Authentication (2FA) in VITAL Online

Instructions below for:
– setting up 2FA using an Authenticator App
– logging on to VITAL Online using 2FA
– troubleshooting (what to do if you lose access to an Authenticator app – e.g. a new phone & what to do if your One Time Password is “not valid”) & Notes

Two Factor Authentication (2FA) has been implemented in VITAL Online to maintain required security standards.

How set up an Authenticator application

  1. Download an Authenticator app (or use one you already have).
    Google Authenticator and Microsoft Authenticator are both popular version – any authenticator app can be used.
    Hint: This can be downloaded on your computer, phone or other device – however many users have reported that it easier to use an Authenticator from a phone.
  2. Login to VITAL Online and click on “SETUP 2FA” (as per image below)
3. Click on ENABLE (as per image below)

4. Open the Authenticator App. Click on the Add (+) button (or similar) to initiate the process to link the Authenticator app to VITAL Online. The Authenticator app should prompt the user to scan the QR code or using the TOTP code.
Note: If scanning the code, ensure that the scan is done using the Authenticator App – do not use the Camera App to scan the code.
Also, record the Recovery Code. The recovery code will give access temporarily to VITAL Online where the Authenticator app is not available. (see notes below if reset of Authenticator is required)


5. Follow the prompts in VITAL Online to enter the Verification Code.

Login to VITAL Online using 2FA

  1. Login at vital.allergenbureau.net. Enter email and password and select LOGIN.

2. Access the linked Authenticator app to get the One Time Password and enter into VITAL Online and select LOGIN

Troubleshooting & Notes

  • A notice that the user is “unable to log in with provided credentials” indicates that the incorrect password has been entered. Please use the “forget password button” to reset your password.
  • A notice that the user has “Exceeded login attempts before 2FA enabled.” requires the Allergen Bureau to reset the login. Please contact the Allergen Bureau via VITAL Online “Contact Support” or directly at info@allergenbureau.net.
  • If the one time password (OTP) generated by the authenticator is “Not Valid”, a likely issue is that the times on the device with the Authenticator and the device running VITAL Online are not synchronized. The solution is to have the time on both devices to be ‘Set Automatically’ (and not manually set).  Please also consider checking your time zone/daylight saving settings.
  • Each logon can only be linked to one Authenticator account.
  • It is not possible to disable 2FA for any user in VITAL Online. It is not possible to use SMS or phone as an authenticator method. The only 2FA method for use with VITAL Online is an Authenticator application.
  • When having issues with 2FA, there might be caching behaviour of your browser. Please apply your business protocol for cleaning up. The below information might assist you to clear the browser cache:
    • Chrome, Firefox, or Edge for Windows: Press Ctrl+F5 (If that doesn’t work, try Shift+F5 or Ctrl+Shift+R).
    • Chrome or Firefox for Mac: Press Shift+Command+R.

A new phone?

  • If you lose access to the Authenticator app (e.g. new phone), contact the Allergen Bureau via VITAL Online “Contact Support” or directly at info@allergenbureau.net to reset your account to allow a new Authenticator app to be linked.

Like to prevent future login issues?

  • It is considered best practice to add a secondary business email to ensure that, in case there are issues with the primary owner email, a secondary email can be accessed to ensure business continuity.
  • Shared email addresses are not recommended for the system.  They create issues for the 2FA process as an authenticator app must be used to log in. 
  • There is no limit to the number of users that can be added to the VITAL Online account.