Standard User Activation & Login Process

Overview

This article outlines the full process for activating a new RedFlag user account and explains what users can expect during both first-time setup and future logins.

When a user is added to RedFlag, they must activate their account before accessing the platform. This process ensures:

  • The user’s email address is verified
  • Terms & Conditions are accepted
  • Two-Factor Authentication (2FA) is configured
  • The account is secured prior to access

🛡️ Note: This article applies only to users who log in using an email address and password setup in RedFlag. If your organization uses Single Sign-On (SSO), this activation and login process does not apply to you.

🛡️ Note: If you use biometric login in the RedFlag mobile app (Face ID / Touch ID), 2FA will not be required at login.

Initial Account Activation (First-Time Login)

User Is Added to RedFlag

A Location Admin or Account Admin adds the user in: Users > Add User

The admin assigns:

  • User role (Super Administrator, Adminstrator, Editor, etc.)
  • Associated location(s)
  • Email address (this becomes the username)
  • Once saved, RedFlag automatically sends an activation email to the user.

Activation Email Is Sent

The user receives an activation email from support@pocketstop.com containing:

  • A secure activation link
  • Instructions to complete account setup

🛡️ Note: If the email is not received, the user should check spam or junk folders. An admin can resend the activation email from the Users page if necessary.

The user clicks the activation link in the email to begin setup.

This link:

  • Verifies the email address
  • Opens the secure account activation page

If the link has expired, a new activation email must be sent.

Agree to Terms & Conditions

Before accessing the platform, the user must:

  • Review the Terms & Conditions
  • Check the agreement box
  • Click Continue

This ensures compliance before system access is granted.

Configure Two-Factor Authentication (2FA)

To secure the account, the user must configure 2FA.

During setup, the user can choose how they would like to verify their account:

  • 📧 Verify using their email address, or
  • 📱 Register a mobile phone number for SMS verification

Depending on the selection:

If Email is selected:

  • A one-time verification code is sent to the user’s email address from support@pocketstop.com
  • The user enters the code into the platform

If Mobile Number is selected:

  • The user registers a valid mobile phone number
    • Only mobile numbers from supported countries can be registered.
    • If a country does not appear in the dropdown list, SMS verification is not available for that country. In this case, the user must use email verification for 2FA.
  • A one-time verification code is sent via SMS from 444222
  • The user enters the code into the platform

🛡️ Note: 2FA setup is required and cannot be skipped. At least one verification method must be configured to activate the account.

Verify Account with 2FA Code

After entering the verification code:

  • The system confirms the code is valid
  • The account becomes fully active
  • The user is logged into RedFlag

At this point, activation is complete.

Future Logins (After Activation)

After the initial setup is complete, all future logins will follow this process:

Enter Email & Password

The user navigates to the RedFlag login page and enters:

  • Email address
  • Password

Choose Verification Method

After submitting login credentials, the user will be prompted to choose how they would like to receive their verification code:

  • 📱 Text Message (SMS) sent to their configured mobile number from 444222
  • 📧 Email sent to their login email address from support@pocketstop.com
  • The user selects their preferred method.

Enter Verification Code

  • A one-time verification code is sent via the selected method.
  • The user enters the code into the platform.
  • Upon successful verification, access is granted.

🛡️ Note: If the user cannot receive SMS messages, they may choose email verification instead.

When 2FA Is Not Required

2FA will not be prompted during login in the following scenarios:

Single Sign-On (SSO)

If your organization has SSO enabled, authentication occurs through your identity provider (such as Microsoft or Okta). RedFlag does not require separate 2FA in this case.

Mobile App Biometric Login

If biometric login (Face ID / Touch ID) is enabled in the RedFlag mobile app:

  • After the initial login and 2FA verification, future logins on that device can use biometrics
  • 2FA will not be required each time

If biometric login is disabled or the user logs in on a new device, 2FA will be required again.

Updating Your 2FA Mobile Number

If a user needs to update their mobile number for SMS verification:

  1. Log into RedFlag
  2. Click your name in the upper-right corner
  3. Open User Profile
  4. Update the 2FA mobile phone number
  5. A verification code will be sent to the new mobile number
    • If the location has a dedicated text number configured, the verification message will come from that number. If the location does not have a text number configured, the verification code will be sent from 444222.
  6. Enter the code to confirm

Once verified, the new mobile number will be used for SMS-based 2FA on future logins.

🛡️ Note: Only one mobile number can be registered per user account.

Shared Logins & 2FA Best Practice

RedFlag strongly recommends that each individual have their own unique user login.

Shared user accounts (multiple people using the same email and password) are not recommended for the following reasons:

  • Only One Mobile Number Per User – Each account can only have one mobile number registered for SMS-based 2FA. If multiple people share a login, only one person’s phone can receive verification codes.
  • Only One Email Per User – The account is tied to a single email address for login and email-based verification. Shared access to a common inbox can create delays or confusion when receiving 2FA codes.
  • Mobile App Biometric Login Limitations – The RedFlag mobile app supports biometric login (Face ID / Touch ID). Biometric authentication is device-specific and tied to a single individual. Shared accounts prevent proper biometric login functionality across multiple users.

🛡️ Note: Each user should have their own individual account with their own email address and (if applicable) their own mobile number configured for 2FA. This ensures proper verification, smoother login experiences, and full support of mobile app security features.