Multi Factor Authentication

Multi Factor Authentication for InControl
InControl is Mazars' online platform, through which we work together with you in a simple, safe and personal manner. Naturally, we apply the highest standards for both quality and security.

Multi Factor Authentication
In order to meet the latest security standards, InControl uses Multi Factor Authentication for logging in. This means that after entering your e-mail address and password, you confirm your login with an app on your smartphone. 

Why Multi Factor Authentication?
Multi Factor Authentication (MFA) is an additional security step used to access web applications such as InControl. MFA provides additional assurance that only authorised persons can access the data in the web application. With MFA, InControl will meet the latest security standards.

Confirm your login with the OKTA Verify app
For InControl, we use the OKTA Verify app as an added security step. You download the OKTA Verify app and link it to your InControl account. Then, you log in as usual with your e-mail address and password. Next, you confirm the login via the app. Easy and safe.

How does it work?
1. Download the OKTA Verify app from the App Store (iPhone) or the Google Play Store (Android)
2. Log in to www.mazarsincontrol.com with your e-mail address and password
3. Follow the instructions and link your phone to your InControl account

Frequently Asked Questions

Why has logging in to InControl changed?
Mazars has the highest standards for the security of InControl and wants to comply with the latest security standards. In order to continue to comply in the future, we are adding an extra security step to logging in, namely confirming the login via a smartphone.

I don't have a smartphone, how can I confirm?
In that case, please contact the InControl service desk. Please check our support page for contact details.

How do I confirm my login to InControl?
1. Download the OKTA Verify app from the App Store (iPhone) or the Google Play Store (Android)
2. Log on to www.mazarsincontrol.com with your user name and password
3. Follow the instructions and link your phone to your InControl account

I already use the OKTA Verify app. What should I do?
In that case, you don't need to download the app, but you can immediately start registering your device and linking it to your InControl account. Go to www.mazarsincontrol.com and log in with your e-mail address and password. Next, follow the instructions to link your phone to your InControl account.

Was InControl not safe enough?
InControl was and is safe. By adding the extra security, Mazars ensures that InControl meets the highest quality requirements in the field of security, now and in the future.

Is InControl affected by the October 2023 OKTA Security breach?
Mazars is not affected by the Okta security breach of October 2023. We received the following official statement from Okta:

"Dear Customer,

Okta Security has identified adversarial activity that leveraged access to a stolen credential to access Okta's support case management system.

The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.

All customers who were impacted by this have been notified. This email is an informational message. If you are an Okta customer receiving only this message, there is no impact to your Okta environment or your support tickets.

Within the course of normal business, Okta support will ask customers to upload an HTTP Archive (HAR) file, which allows for troubleshooting of issues by replicating browser activity. HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users. Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens. In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it. 

Attacks such as this highlight the importance of remaining vigilant and being on the lookout for suspicious activity. We are sharing the following Indicators of Compromise to assist customers who wish to perform their own threat hunting activity. We recommend referring to our previously published advice on how to search System Log for any given suspicious session, user or IP. Please note that the majority of the indicators are commercial VPN nodes according to our enrichment information.
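
Okta's statement above recommends sanitizing credentials and cookies/session tokens in a HAR file before sharing it. The following is an added example, not part of Okta's statement and not Okta's or Mazars' own tooling: one way to do that in Python, where the sensitive-name lists, the function names and the sample capture are assumptions constructed for illustration.

```python
import copy, json, re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
# Assumed name lists (not from the page); broad on purpose, over-redaction is the safe failure.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
SENSITIVE_NAME = re.compile(r"token|session|sid|secret|passw|auth|key|saml|jwt", re.I)

def _scrub_pairs(pairs, always=False):
    """Redact values in a HAR name/value list (headers, cookies, queryString, params)."""
    for pair in pairs or []:
        name = pair.get("name", "")
        if always or name.lower() in SENSITIVE_HEADERS or SENSITIVE_NAME.search(name):
            pair["value"] = REDACTED

def _scrub_url(url):  # the request URL repeats the query string, so rewrite it too
    parts = urlsplit(url)
    query = [(k, REDACTED if SENSITIVE_NAME.search(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query), fragment=""))

def sanitize_har(har):
    """Return a copy of a parsed HAR with credentials, cookies and bodies redacted."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            _scrub_pairs(msg.get("headers"))
            _scrub_pairs(msg.get("cookies"), always=True)
        _scrub_pairs(req.get("queryString"))
        req["url"] = _scrub_url(req.get("url", ""))
        post = req.get("postData") or {}
        _scrub_pairs(post.get("params"))
        for body in (post, resp.get("content") or {}):
            if "text" in body:  # bodies can hold tokens in any format: drop them whole
                body["text"] = REDACTED
    return har

def find_leaks(har, known_secrets):
    """Final check: which known secret values still appear in the serialized HAR."""
    blob = json.dumps(har)
    return [s for s in known_secrets if s in blob]

# Constructed sample input (not a real capture).
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://idp.example.test/app?sessionToken=tok-123&page=2",
                "headers": [{"name": "Cookie", "value": "sid=abc-456"}],
                "cookies": [{"name": "sid", "value": "abc-456"}]},
    "response": {"content": {"text": "{\"id_token\": \"jwt-000\"}"}}}]}}
```

Before sharing a capture, pass `find_leaks` the cookie and token values that were live in the browser session; an empty list is the pass condition.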