Trimble ID Multifactor Authentication

Multifactor Authentication (MFA) is an added layer of security used to verify your identity upon sign in.

Multiple Factors of Authentication

Having two factors of authentication makes your account more secure. The first factor is your username and password; the second factor is commonly a verification code.

For unfederated users, you can verify your identity in one of the following ways:
  • [Default method] One-time passcode (OTP) - after you enter your email address and password, Trimble ID prompts you to enter an OTP, sent to your primary email address. This method will be enforced across Trimble products by April 2026.
  • Passkey - an encrypted digital key using your fingerprint, facial recognition, or PIN.
  • Authenticator app - an application is used to generate a one-time authorization code. The application can be any OTP enabled app, such as Google Authenticator or Microsoft Authenticator.
  • Secondary email OTP - a six-digit passcode sent to an email address which is different from the primary email address.
Note: Currently there is no way for an admin to set whether their users must enable MFA. If your company wants this functionality, you must set up a federation with a 3rd-party enterprise identity provider (IdP), such as Microsoft Entra ID, Okta, Google ID, etc.

Federation allows Trimble customers to use their credentials from other systems with Trimble ID, meaning all policies configured in the 3rd-party IdP apply to Trimble ID. For more information on Trimble federations, see Trimble Identity Federation FAQ.

Multiple MFA Methods

If you have more than one MFA method set up, you can use it to authenticate your Trimble ID account even if you lose access to another method. For example, if you have a secondary email set up already, you can use it to regain access to your account if another MFA method isn't working for you.

If you are using an application like Okta for your MFA and you get a new device, you will need to activate the application on the new device. This process is different for each application and you may need to refer to its help section for specific instructions.

If you are unable to access your account using any MFA methods, contact Support to temporarily disable MFA on your account.