PDQ uses business verification to confirm account ownership for MFA resets and to validate organizations requesting full PDQ Connect trial access. These processes ensure that only authorized and verified users can regain access to existing accounts or unlock all PDQ Connect trial features.
Important: Verification steps protect your organization from unauthorized access. Without confirming who controls the account, a malicious actor could impersonate an admin, gain access, and use PDQ to deploy harmful software or disrupt systems. The checks specified in this article ensure that only verified owners can make high-impact changes, such as MFA resets or enabling all Connect trial features.
This article explains:
- When MFA cannot be reset
- How PDQ verifies identity and account ownership
- What steps to take before requesting assistance
- Why verification requirements differ between PDQ Connect and PDQ Deploy & Inventory (D&I) and what methods are available to you outside of automated Identity Verification (IDV) services to enable all features of your PDQ Connect trial
- How to request an MFA reset or feature enablement in a Connect trial.
- Preventing MFA lockouts in the future.
When you might not be able to reset MFA
There are some cases where MFA can’t be reset directly:
- The guidance in this article does not resolve the issue: I can't get into my PDQ account! What can I do to regain account access?
-
You’re the only person on the account and lose access to your MFA method.
With no additional admins or recovery users, PDQ can’t validate ownership automatically. - The account owner has left the company and used a personal phone number or authenticator app for MFA.
- You can’t access the account email associated with the PDQ subscription.
If you’re in one of these situations, follow the recovery guidance below.
If the account owner has left the company
If the previous account owner is no longer with your organization, and you were unable to transfer the account ownership, your IT department may be able to help recover access.
Here are some ways to do this:
- Access the previous owner’s email account. Use that email to request an account reset via the billing portal.
- Add the previous owner’s email as an alias to your own email account, then perform the account reset.
- Create a mail forwarding rule to redirect messages from the previous owner’s email to yourself, then complete the password reset.
Once access is restored, follow our Changing the Account Owner article to update ownership to your address.
How to find the current account owner
-
PDQ Deploy & Inventory: In the product, go to Help > Current Configuration Summary.
This opens a text document that includes the license email. - PDQ Connect: Go to Settings > Teammates to view the account owner and team members.
How PDQ verifies MFA reset requests & Connect trial feature requests
To protect your organization and prevent unauthorized use, PDQ verifies identity and ownership before completing an MFA reset or unlocking full trial functionality in PDQ Connect. This process ensures that only verified employees from legitimate organizations can regain account access or enable all features during a Connect trial.
Provide the following with your request:
- Your full name
- Company name
- Your position/title
- The email address you’re trying to log in with
- A brief description or screenshot of the MFA issue (if not a PDQ Connect trial request)
Verification options
PDQ Connect: you must complete two of the three methods below.
PDQ Connect Trial: you must complete two of the three methods below to lift all Connect trial restrictions OR use automated IDV (Identity Verification) services.
PDQ Deploy & Inventory: you must complete one method below.
| Method | Description |
|---|---|
| Phone call | PDQ will call your company using a publicly listed phone number (e.g., your website or Google Business profile) to validate employment. Return calls are not accepted due to security policy. While we cannot call a specific phone number you provide in a support ticket, you can provide some direction (e.g. specific branch office location), as long as the number is publicly listed on your company's website. Inbound calls to PDQ are not accepted for verification purposes due to security policy. |
| Notarized affidavit | A signed, notarized document on company letterhead that includes your identity, title, employer, and authorization to regain account access. Notarization requirements may differ by country. See additional notes below. |
| DNS TXT record | PDQ will supply a temporary TXT record value for verification. Add it to your domain’s DNS zone, notify PDQ when live, then remove it after verification. See additional notes below. |
These options help us verify both your identity and organizational authorization to access the account.
Notarized affidavit guidelines
If you choose to verify your identity with a notarized affidavit, please follow these requirements to ensure your document is accepted:
- The notary stamp or seal must appear on the same page as your signed affidavit, unless local laws require otherwise.
- Sign and date the affidavit only while in the presence of the Notary Public. The signature and notarization dates must match; mismatched dates may cause your document to be rejected.
- You may use either an in-person Notary Public or a Remote Online Notary (RON). If using a remote notary, they must meet all legal requirements in your country or region.
- PDQ recommends using a US-based Notary Public whenever possible for the fastest review, but any properly qualified notary in your area is acceptable.
- If you’re unsure about notarization laws where you’re located, please consult a licensed notary or legal professional before proceeding.
DNS TXT record guidance based on common vendors
| Vendor | External Guidance (opens to a non-PDQ site) |
| GoDaddy | Add a TXT record |
| Verify your domain with a TXT record | |
| Microsoft Entra ID | Add a TXT or MX record to verify you own the domain. |
| NameCheap | How do I add TXT/SPF/DKIM/DMARC records for my domain? |
Why PDQ requires verification
MFA helps safeguard your organization’s data and account access. When MFA is removed or reset, verifying ownership prevents unauthorized users from gaining access. For PDQ Connect trial accounts, this same verification step confirms that trials are being activated by legitimate organizations and used for authorized business purposes
PDQ’s verification process ensures:
- Only authorized employees can regain access or make decisions on the account
- Unauthorized users cannot take control of your organization’s PDQ account
- For Connect trial accounts, this helps ensure the trial is legitimate and appropriate
- Alignment with established security standards also followed by other major SaaS providers
Why verification differs by product
Verification requirements reflect each product’s architecture and risk profile.
| Product | Hosting model | Data exposure | Risk level | Verification required |
|---|---|---|---|---|
| PDQ Deploy & Inventory | Self-hosted (on-prem) | Limited; PDQ does not host your environment or data | Lower. Reset affects local access only | One verification method |
| PDQ Connect | Cloud-hosted | PDQ hosts organization data, settings, credentials | Higher. Reset could expose or modify PDQ-managed resources | Two verification methods |
| PDQ Connect Trial | Cloud-hosted | PDQ hosts organization data, provides agent installer | Higher. Illicit trial accounts can be used for malicious purposes | Two verification methods |
Explanation
- PDQ Deploy & Inventory run entirely within your own environment. Resetting MFA affects only portal authentication and access to license keys. No organizational IT information is accessible, so one ownership check is sufficient.
- PDQ Connect is a cloud-based platform managed by PDQ. It stores organization-level data and configuration, and can be used to perform any administrative function on any device where the PDQ Connect Agent has been installed. As a result, any MFA reset carries significantly greater security implications.
- PDQ Connect Trial operates on the same cloud-hosted infrastructure as PDQ Connect and provides access to organization-level features and the PDQ agent installer. Because unrestricted trial access can be abused for non-legitimate or malicious purposes, PDQ requires two verification methods to confirm that trial accounts are associated with real organizations and authorized users.
How to request an MFA reset or lift Connect trial restrictions
- Open the appropriate case with PDQ support:
- Provide your name, company, position, email, and details of the MFA issue (include a screenshot if possible) or if the request is to enable Connect trial features. See details in How PDQ verifies MFA reset requests & Connect trial feature requests above.
- Select your verification method(s): two for Connect/Connect trial, one for D&I.
- PDQ support will respond with additional guidance on how to complete the verification processes you have selected. Do not proceed until PDQ has replied.
- Complete the verification steps as provided by PDQ support.
- After successful verification, PDQ will complete the MFA reset or enable the Connect trial features and confirm.
Be advised, while we make every attempt to expedite requests, this process can take multiple days to complete.
Preventing future MFA lockouts
- Add multiple admins or teammates to your PDQ organization. You can use a stand-in or proxy account.
- Avoid using personal devices (like personal cell phones) as a factor in your multi-factor enrollment whenever possible.
- Update account ownership promptly before or when staff members leave the company: Transfer Account Ownership to a New Administrator
See Also
- I can't get into my PDQ account! What can I do to regain account access?
- Configure Multi-Factor Authentication (MFA) Settings
- How to Reset Multi-Factor Authentication (MFA)
- Configure Login MFA/OIDC Policy for your Organization
- Choose Login and Authentication options for your Account
- Changing the Account Owner
