Overview

When MFA is enabled for a user and MFA type is Authenticator Apps,

User will receive Authenticator app configuration mail when user login for the first time after MFA is enabled (This Email will have a QR code and detailed steps to set up the Authenticator app) .  We recommend users to use authenticator apps such as Microsoft Authenticator / Google Authenticator Apps.

note

Note

Users can also use other authenticator apps available in Google Play Store or Apple App Store since all Authenticator Apps use the same algorithms.

There are two commonly used protocols for authenticator apps:

  • HOTP (HMAC-based one-time password), which is specified in RFC 4226

  • TOTP (Time-based one-time password), which is specified in RFC 6238

Note

Users can also use other authenticator apps available in Google Play Store or Apple App Store since all Authenticator Apps use the same algorithms.

There are two commonly used protocols for authenticator apps:

  • HOTP (HMAC-based one-time password), which is specified in RFC 4226

  • TOTP (Time-based one-time password), which is specified in RFC 6238

OTP prompt after Login Example (For admin and UCP users)

Trust Device Checkbox

When the user selects the "I trust this device. Don't ask for codes for 7 days" checkbox, after validating OTP user will not be prompted for an authentication code for the next 7 days

Recovery Codes

If user can't get codes by text, call, or Google Authenticator, they can use backup codes to sign in to PBX. Once the user uses a backup code to sign in, that code becomes inactive. Userman users can generate/ regenerate / delete / download backup codes from UCP Settings.

Email Template

Steps to configure authenticator app