Authentication via Authenticator Apps

Owned by Nathaniel Halbrooks
Last updated: Mar 20, 2024 by Kelli Higdon
3 min read

 

Overview

When MFA is enabled for a user and MFA type is Authenticator Apps,

User will receive Authenticator app configuration mail when user login for the first time after MFA is enabled (This Email will have a QR code and detailed steps to set up the Authenticator app) .  We recommend users to use authenticator apps such as Microsoft Authenticator / Google Authenticator Apps.

Note

Users can also use other authenticator apps available in Google Play Store or Apple App Store since all Authenticator Apps use the same algorithms.

There are two commonly used protocols for authenticator apps:

  • HOTP (HMAC-based one-time password), which is specified in RFC 4226

  • TOTP (Time-based one-time password), which is specified in RFC 6238

 

  • After setup, every time when user login, a new prompt is made requesting a OTP code. User has to enter the OTP code from the configured authentication App (Like Google Authenticator / Microsoft Authenticator)

  • Authenticator apps generate time-based, one-time passcodes (TOTP or OTP), which are usually six digits that refresh every 30 seconds.

OTP prompt after Login Example (For admin and UCP users)

 

Trust Device Checkbox

When the user selects the "I trust this device. Don't ask for codes for 7 days" checkbox, after validating OTP user will not be prompted for an authentication code for the next 7 days

Recovery Codes

If user can't get codes by text, call, or Google Authenticator, they can use backup codes to sign in to PBX. Once the user uses a backup code to sign in, that code becomes inactive. Userman users can generate/ regenerate / delete / download backup codes from UCP Settings.

 

 

 

Email Template

 

Steps to configure authenticator app

  • Microsoft Authenticator

    1. Download Authenticator app from either the Apple App Store or the Android Google Play store. It's free.

    2. On the top right click on Vertical three-dot menu > Add Account > Other Account

    3. Scan the QR Code which is sent through Email from phone or enter the code which is through Email manually in the app. After that, your 2-factor authentication will be configured and the app has been set up properly. Next you may be required to enter the 6-digit code displayed on the authenticator app every time you log in.

  • Google Authenticator

    1. Download Google Authenticator app from either the Apple App Store or the Android Google Play store. It's free.

    2. At the bottom of your screen two options will show up, "Scan barcode" and "Manual entry". You only need to choose one of these options to complete the process. Using the "Scan barcode" option scan the QR Code or can use code which is sent through Email

    3.  After that, your 2-factor authentication will be configured and the app has been set up properly. Next you may be required to enter the 6-digit code displayed on the authenticator app every time you log in.

 

Return to Documentation Home I Return to Sangoma Support