Multi-factor authentication
GlacialBooks requires MFA before financial account connection flows are surfaced. This protects customer bank data before Plaid Link is opened and keeps the control enforced on the server even if a client is modified.
Account security
Required before connecting financial accounts
Multi-factor authentication: Required
Financial account connections: Blocked until MFA is enabled
Consumer application
Users manage multi-factor authentication in Account Settings. Provider-managed MFA state is synchronized from identity provider security events when Entra-based MFA is enabled.
Plaid Link gate
Financial account connection endpoints verify MFA before creating a Plaid Link token or exchanging a public token. The frontend also checks MFA before opening the provider flow.
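The server-side gate described above, as an added example that is not GlacialBooks code. The user store, the identity-provider event shape, the handler names and the response bodies are assumptions, and the provider calls are placeholders.

```python
from dataclasses import dataclass
from functools import wraps

@dataclass
class UserRecord:                      # hypothetical server-side schema
    user_id: str
    mfa_enabled: bool = False

# Constructed in-memory stand-ins for the user database and audit trail.
USERS = {"u-alice": UserRecord("u-alice", True), "u-bob": UserRecord("u-bob")}
AUDIT_LOG = []

def apply_security_event(event):
    """Sync MFA state from an identity-provider event (constructed event shape)."""
    user = USERS.get(event["user_id"])
    if user is None:
        return False
    if event["type"] == "mfa_enabled":
        user.mfa_enabled = True
    elif event["type"] == "mfa_disabled":
        user.mfa_enabled = False
    else:
        return False                   # unknown event types never change state
    return True

def require_mfa(handler):
    """Gate a handler on the server's own MFA record, never on request data."""
    @wraps(handler)
    def gated(user_id, body):
        user = USERS.get(user_id)
        allowed = user is not None and user.mfa_enabled
        AUDIT_LOG.append((handler.__name__, user_id, "allow" if allowed else "deny"))
        if not allowed:
            return {"status": 403, "error": "mfa_required"}
        return handler(user, body)
    return gated

@require_mfa
def create_link_token(user, body):
    # Placeholder for the provider call that creates the Plaid Link token.
    return {"status": 200, "action": "link_token_created", "user": user.user_id}

@require_mfa
def exchange_public_token(user, body):
    # Placeholder for the provider call that exchanges the public token.
    if not body.get("public_token"):
        return {"status": 400, "error": "public_token_missing"}
    return {"status": 200, "action": "public_token_exchanged", "user": user.user_id}
```

Because the decision reads only the server's record, a modified client that skips the frontend check or sends its own MFA flag in the request body still receives a 403.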
Critical systems
Production access to systems that store or process customer financial data requires centralized identity, MFA, role assignment, and audit logging.
Support access
Internal support access is separate from customer organization roles, requires an approved internal identity, and is reviewed every 90 days.
Password and lockout controls
Password reset links expire after 60 minutes. Email verification links expire after 24 hours. Local password accounts lock for 15 minutes after 5 failed sign-in attempts.