This article will go through the Authenticator and how Multi Factor Authentication (MFA) works with Blackpurl
We will also cover what happens if you need to change your Authenticator ie you have previously setup your Authenticator on your cell / mobile phone BUT you now have a new cell / mobile phone etc
For more information on what is MFA etc and why is it needed, please review our article - Multi Factor Authentication (MFA) for Blackpurl User Logins
Selecting and Setting up your Authenticator
In order to setup Multi Factor Authentication (MFA) for Blackpurl, your Dealership will have to decide which Authenticator they are going to use and have it installed / setup
An Authenticator is a security application that will generate a unique / time based / one time password for MFA
These codes are used alongside your regular username and password to verify your identity when accessing your Blackpurl for an added layer security
Keep in mind that Blackpurl Support will be unable to support and/or assist with your Authenticator setup and /or any issues with the Authenticator that your Dealership elects to use
If the Dealership is running into issues with the Authenticator then they will need to contact their IT
Once you have your Authenticator up and running, then the next time you log into Blackpurl, MFA will be in play and you will be asked for the code that your Authenticator gives you, in order to log in
Your Dealership can use any of the authentication methods that are supported by your Salesforce products MFA functionality and whilst we do not recommend any particular Authenticator, these are a few that the Dealership (or your IT) can select from:
- Salesforce Authenticator mobile app (available on the App Store or Google Play)
- Time-based one-time passcode (TOTP) Authenticator apps like Google Authenticator and Microsoft (both can be downloaded to your mobile device or onto your desktop) OR the Authenticator app Authy (which can be downloaded on your mobile device only))
- Security keys that support WebAuthn or U2F, such as Ybico's Yubikey or Googles Titan Security Key
- Built-in authenticators such as Touch IF, Face ID or Windows Hello
Salesforce Authenticator App
If you wish to use the Salesforce Authenticator App as your method of authentication the instructions below describe the user experience, please pass this information to your IT person:
Regular login screen:
Next the user will be prompted about the Salesforce Authenticator:
If the user has a smart device (phone or tablet) that they’re allowed to use at work, they can follow the instructions here to install the Salesforce Authenticator App. This is going to provide the most hassle-free experience for the user.
After installing the Salesforce Authenticator App, it should look like this:
After selecting "Add an Account"
Type the two word code from the app into the login screen (or use the Scan QR Code option by hitting “Choose Another Verification Method” at the bottom of the login screen):
After hitting connect, in the app, you should see something like this:
For all future logins now, after the user provides their username and password, they’ll get prompted with:
The notification they will receive on their device from the Salesforce Authenticator App and, tapping on it, they’ll see something like:
After a couple of approvals from the same location, assuming the Authenticator has been given the permission to see the user’s location, it will prompt the user with the “Always approve from this location” action
If the user toggles that on and hits ‘Approve’ one last time, the Authenticator will now auto-approve any login the user makes as long as they have they have the device with their Authenticator with them and they are at the location in question
Google Authenticator App
If you wish to use the Google Authenticator App as your method of authentication the instructions below describe the user experience, please pass this information to your IT person:
Then the next time you log into Blackpurl, click on 
User selects ‘Use verification code from an Authenticator app’ and clicks on the ‘Continue’ button
It opens a new screen to connect to the Authenticator app and displays a QR code that User needs to scan from the mobile device using an Authenticator app (Example - Google Authenticator)
Now, on mobile device User needs to go to the Google Authenticator app and click on the ‘+’ icon to add a new account where he will see an option to scan the QR code
User clicks on ‘Scan a QR code’ that adds the account in the Authenticator app
An authentication code is displayed which is used when the User tries to login to Salesforce again
After successful verification of the code, User is logged in to Salesforce account
Using the Security Keys Method
Once MFA is enabled, on the next login this is the screen that should pop up for you to click on - Choose Another Verification Method
to finish the process
the Security Key will be verified as the MFA method on the accountBlackpurl - what does the MFA screens look like
Once you have your Authenticator setup, each time you log into your Blackpurl, you will be required to:
- First Step - use the Blackpurl log in page and type in your Username and Password
- Second Step - the MFA Verify Your Identity screen will now pop up on your device
It will look similar to this screen (yes it will say SalesForce as it is the platform provider for Blackpurl):
- Third Step - use your Authenticator to provide you with the Verification Code that you need to type in, in the relevant field above before clicking on
Once the verification is complete, you should now be able to log into Blackpurl
Changes to your Authenticator
If you need to change your Authenticator for scenarios such as:
- your Authenticator is on your cell / mobile but you have purchased a new cell / mobile: or
- your Authenticator for your login was on another person's device and that person has since left the Dealership
In both these sort of scenarios, please reach out to Blackpurl Support and provide them with your username and ask for the Authenticator to be removed
Once you have been advised that the Authenticator has been removed, the user will then need to setup the Authenticator on their new device and then next time they log into Blackpurl, they will be required to finalise the MFA setup