Pria supports opt-in email Multi-Factor Authentication (MFA). When enabled, password and OAuth (Google, GitHub, Facebook) sign-ins from a new browser or network require a 6-digit code emailed to your account address. Browsers you’ve already verified stay trusted for 7 days, so day-to-day use stays frictionless.
Who should turn this on? Anyone with admin or super-admin privileges is strongly encouraged to enable MFA — those accounts can read cross-institution data, audit logs, and billing. Standard users can opt in voluntarily.

Turning MFA on

1. Open My Profile → Two-Step Verification

From the user menu, choose My Profile and scroll to the Two-step verification (email) section.

2. Toggle 'Require a 6-digit email code on new devices'

Pria immediately:
  1. Marks your account as MFA-enabled
  2. Sends a 6-digit verification code to your email
  3. Switches the screen to the verification entry form
The verification step is part of enabling — it proves Pria can reach your inbox so you don’t accidentally lock yourself out.

3. Enter the 6-digit code

Check your email (the address you sign in with). Type or paste the code into the six boxes — the form auto-submits when the sixth digit lands. On iOS the keyboard suggestion bar surfaces the code straight from Mail; tap it once to fill all six boxes.
The code expires in 5 minutes. If you mistype 5 times in a row, the code is burned — click Resend code to get a new one (30-second cooldown between resends).

4. You're done — green checkmark, redirect

A short success animation confirms verification, then Pria redirects you back into the app. This browser is now a trusted device for the next 7 days; you won’t see another MFA prompt unless your IP changes drastically or 7 days pass.
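
The code rules described in the steps above (5-minute expiry, burn after 5 wrong entries, 30-second resend cooldown), sketched as server-side logic. This is an added example, not Pria's own code: the class and function names are hypothetical, state is kept in memory, and measuring the cooldown from the last send is an assumption.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 5 * 60        # page: the code expires in 5 minutes
MAX_WRONG = 5            # page: 5 wrong entries in a row burn the code
RESEND_COOLDOWN = 30     # page: 30-second cooldown between resends


def _digest(code: str, salt: bytes) -> bytes:
    # Store only a salted hash so a leaked record does not reveal the live code.
    return hashlib.sha256(salt + code.encode()).digest()


class EmailCodeChallenge:
    """One pending challenge for one account (hypothetical class, in-memory only)."""

    def __init__(self):
        self.salt = self.digest = self.issued_at = None
        self.wrong = 0

    def issue(self, now: float) -> str:
        """Create a fresh code, replacing any earlier one; the caller emails it."""
        # Assumption: the cooldown is measured from the last send.
        if self.issued_at is not None and now - self.issued_at < RESEND_COOLDOWN:
            raise RuntimeError("resend cooldown active")
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, keeps leading zeros
        self.salt = secrets.token_bytes(16)
        self.digest = _digest(code, self.salt)
        self.issued_at, self.wrong = now, 0
        return code

    def verify(self, submitted: str, now: float) -> str:
        """Return 'ok', 'wrong', 'expired', 'burned' or 'inactive'."""
        if self.digest is None:
            return "inactive"           # nothing pending: used, expired or burned
        if now - self.issued_at > CODE_TTL:
            self.digest = None
            return "expired"
        if hmac.compare_digest(_digest(submitted, self.salt), self.digest):
            self.digest = None          # single use: a verified code cannot be replayed
            return "ok"
        self.wrong += 1
        if self.wrong >= MAX_WRONG:
            self.digest = None          # burned: even the right code now fails
            return "burned"
        return "wrong"
```

Hashing the stored code and comparing with `hmac.compare_digest` keeps the live code out of the database and out of timing side channels; the attempt cap is what makes a 6-digit space acceptable.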

What if I can’t get the email?

Click Cancel on the verification screen. Pria rolls your account back to MFA-disabled automatically, so you’re never stuck in a half-enabled state. Check your spam folder, fix any email delivery issue, then try again. If your account’s email address itself is wrong, edit it in your profile first.

Signing in once MFA is on

1. Sign in normally — password or OAuth

Enter your credentials (or click the Google / GitHub / Facebook button) as usual.

2. Pria checks for a trusted device

If you’re using the same browser within the 7-day window and your network hasn’t changed dramatically, you go straight in — no code prompt.

3. Enter the code if prompted

On a new browser, after a long break, or from a different network, Pria emails you a fresh 6-digit code. Same form, same auto-submit, same trusted-device cookie issued on success.
“Trusted” doesn’t mean “forever”. Trusted-device cookies expire after 7 days (or whatever your administrator configures). If you sign out and back in on the same browser, you stay trusted — the cookie survives logout. If you clear cookies, you’ll re-verify on the next login.

Managing your trusted devices

From My Profile → Two-step verification, the Sign out trusted devices button revokes every browser you’ve previously verified. The next login from any device — including the one you’re using now — requires a fresh 6-digit code. Useful when:
  • You signed in on a shared / public computer and forgot to log out properly
  • You lost or sold a device that had access
  • You want to refresh your security posture after a suspected password compromise
This action does not sign you out of your current session — your active JWT keeps working until normal expiry. It only invalidates the MFA-skip cookies, so your next fresh login forces verification.
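
One way the trusted-device behaviour described above can work: a signed cookie with a 7-day expiry that "Sign out trusted devices" invalidates without touching the session. This is an added example, not Pria's implementation; the cookie layout, the per-user `trust_epoch` counter and all names are assumptions, and the network-change check is left out because the page does not define it.

```python
import hashlib
import hmac

TRUST_TTL = 7 * 24 * 3600             # page: trusted for 7 days by default
SERVER_KEY = b"constructed-demo-key"  # constructed; a real key comes from a secret store

# Hypothetical per-user record: bumping trust_epoch revokes every issued cookie.
users = {"alice": {"mfa_enabled": True, "trust_epoch": 0}}


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_trust_cookie(user: str, now: float) -> str:
    """Called after a successful code entry; send the value as an HttpOnly, Secure cookie."""
    # Assumption: user ids never contain "|".
    payload = f"{user}|{users[user]['trust_epoch']}|{int(now) + TRUST_TTL}"
    return f"{payload}|{_sign(payload)}"


def needs_code(user: str, cookie, now: float) -> bool:
    """True when this sign-in must be challenged with an emailed code."""
    if not users[user]["mfa_enabled"]:
        return False
    if not cookie:
        return True
    payload, _, sig = cookie.rpartition("|")
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return True                                   # forged or altered cookie
    name, epoch, expires = payload.split("|")
    if name != user or int(epoch) != users[user]["trust_epoch"]:
        return True                                   # other account, or revoked
    return now >= int(expires)                        # past the 7-day window


def sign_out_trusted_devices(user: str) -> None:
    """Invalidates MFA-skip cookies only; session tokens are not touched here."""
    users[user]["trust_epoch"] += 1
```

Because revocation lives in server-side state rather than in the cookie, a copy of the cookie left on a lost or shared machine stops skipping the code prompt the moment the counter changes.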

Turning MFA off

Toggle Two-step verification off in your profile. Pria:
  1. Records the change in the audit log
  2. Clears your trusted-device list (so the cookies still in browsers become useless)
  3. Leaves your active session alone — your current JWT keeps working
Your next sign-in proceeds normally with just password or OAuth, no code prompt.

Recovery

If you’ve locked yourself out (lost access to your email, mailbox full, etc.):
  • Standard users: contact your instance administrator. They can toggle MFA off on your account from the admin Users panel.
  • Instance admins: another admin or super admin on the platform can disable MFA for you.
  • Super admins: another super admin can rescue you. If you’re the only super admin, contact Pria support.
Backup codes aren’t supported in this initial release — the recovery path is admin-assisted. We’re tracking this for a future iteration.

What gets logged

Every MFA-related action — enabling, disabling, code issued, code verified, wrong code, trusted-device added/revoked, prompt dismissed — is written to a per-user audit log. Administrators with the appropriate entitlement can review these events from the Users panel. This is for compliance and security audit; it does not include your password or the actual code, only metadata (timestamps, IP, user-agent).