We’re updating our authentication method from SAML to OpenID Connect (OIDC), a more secure and modern standard. This change will affect how you log in to the FlexMLS mobile app, but don’t worry – it’s a smoother experience overall.
Here’s what’s changing:
When you open the mobile app and enter your username, you’ll now be redirected to the Clareity login screen to finish signing in.
After you log in through Clareity, you’ll return directly to the app.
You won’t see the Clareity login screen again when accessing third-party tools—just one login up front.
Pro Tip: To make logging in even faster, we recommend saving your FlexMLS credentials in your mobile browser to avoid re-entering your username.
Desktop logins remain the same. This update focuses on making mobile access easier and more secure.
MFA is an additional layer of security to help protect everyone whose data is accessed using a user’s username and password.
MFA will challenge users when the risk score of their log in score is medium or high.
The user will be offered the choice of email or text. If a user does not have a mobile #, then only email will be offered. If there is no email, then they would not have a record in Clareity. An email is required on every member record in Clareity.
Alternatively, a user may choose to authenticate using biometrics from a FIDO device like their smartphone or tablet. This does not require that the member have their cell phone on record with the MLS or in their Clareity profile.
The user should cancel the MFA screen, contact the MLS and have their information updated in the MLS member roster system. After 15 minutes, Clareity will be updated, and the user should attempt to log in again. They may be challenged again, and the new mobile and/or email would be there.
Alternatively, a user may choose to authenticate using biometrics from a FIDO device like their smartphone or tablet. This does not require that the member have their cell phone on record with the MLS or in their Clareity profile.
The code is good for 20 minutes.
No. Authentication codes are only sent to the text device it is addressed to, and not to “Connected devices.” This is a security measure to prevent the code from being hijacked by other devices.
However, when using biometrics on Apple devices, which utilize Passkey, if the member has saved the Passkey to their iCloud, they can then use any connected device with a camera interchangeably. That is an Apple feature, not a Clareity feature.
At first, users may feel they are more frequently asked to authenticate with MFA while the AI (Artificial Intelligence) is learning. That will taper off quickly. Members may also feel concerned when they are challenged for MFA because such actions were previously considered “punitive” and because they were flagged as someone who may be sharing. MFA is not a punitive response; it is a preventative measure intended to safeguard against unauthorized access and also provides some good indicators of possible intentional credential sharing.
All users will have an email. It is required to be added to Clareity. We are unable to provide a new member registration link without an email.
There are many reasons that a device may not be successfully registered: