Skip to main content

SecureAuth Passcode App for Mac

Updated: October 22, 2018

Use this guide to install and provision the SecureAuth Passcode for Mac App to use in Multi-Factor Authentication on a desktop OS X device.


Each end user can register the SecureAuth Passcode app on one computer only.


  1. Ensure the desktop device is using a 64-bit processor and running either:

    • OS X 10.9 - 10.11

    • macOS 10.12

  2. Download the SecureAuth Passcode for Mac App from the App Store.

  3. Configure the OATH Provisioning Realm / App Enrollment Realm in the SecureAuth IdP Web Admin for end users to enroll devices for passcodes by following steps in Multi-Factor App Enrollment (URL) realm configuration.

  4. Configure SecureAuth IdP realms in which OATH OTPs or Time-based Passcodes are used for multi-factor authentication.

Passcode app provisioning steps

After the SecureAuth Passcode client has been installed on the OS X device, start the application; the splash screen is displayed.


Add an account

  1. Provide the web address of the SecureAuth IdP OATH provisioning realm.


    If using SecureAuth998 as the Multi-Factor App Enrollment Realm, then only the Fully Qualified Domain Name (FQDN) is required; for example,

    If using a different realm for Multi-Factor App Enrollment, then the entire URL address which includes the realm name is required; for example,

  2. Click Start.

  3. Enter a username and password, then click Start.

  4. Choose the delivery method for you passcode and click Submit.

  5. Follow the configured workflow of the Multi-Factor App EnrollmentRealm to validate the user identity.

    Shown here is the Username + Password, + Multi-Factor Authentication workflow.


    A multi-factor authentication workflow does not need to be set in the configuration to validate the user identity.

  6. Select the multi-factor authentication method, and click Submit.

    This step is necessary only if a multi-factor authentication workflow is required.

  7. Enter the passcode received via the method selected in step 6, and click Submit.

    A different multi-factor authentication method can be used by clicking the link beneath the Submit button, which presents the screen in step 4.

  8. Enter the passcode received via the method selected in step 4, and click Submit.

Create a PIN

  1. Create a 4-digit PIN code to use for unlocking the app. The PIN code cannot contain repeating or sequential digits.

  2. Confirm this entry on the next screen.

    These steps are required only if the Multi-Factor App Enrollment Realm is set to require a PIN code for access.

    If this app is upgraded from the previous version (SecureAuth OTP Client for OS X) and a PIN is required to unlock the app, a secure PIN will be enforced if the end user attempts to change the PIN because 4 repeating digits or sequential digits (e.g., 3333, 1234) are not permitted on this newer version of the app.


    The SecureAuth IdP administrator can configure a set number of times the end user can enter an incorrect PIN before the OATH token and configuration are erased from the app.

Change a PIN

  1. Click the gear icon on the app toolbar.

  2. The Change PIN screen is displayed.

  3. Provide the current PIN code and click Enter.

  4. Supply a new 4-digit PIN code and click Enter. The PIN code cannot contain repeating or sequential digits.

  5. Confirm the new PIN code on the next screen.

Passcode app generation

The provisioned app appears with a one-time passcode that can be used in multi-factor authentication.


The passcode for this account is valid only for the period of time specified on the Multi-Factor App Enrollment Realm. When the time period has elapsed, a new, auto-generated passcode replaces the expired account passcode.

If a PIN is required to unlock the app, the gear icon appears upper right on the toolbar, as shown in the previous image.

Passcode app account management

Click an icon on the toolbar to specify the function you want to perform.

App function

Toolbar icon


Add another account

  1. Click the + icon to add another account.

  2. Follow the steps in Add an account.

After the new account is added, the tile for the new account is displayed beneath the previous account tile.

Change PIN

See Change a PIN.

See Change a PIN.

Delete account


Click the red circle with minus sign icon on the account tile to delete the account.

Edit account

  1. Click the pencil icon to edit the account.

  2. On the edit screen, use objects on the account tile to modify the account.

You can change the order of account tiles for multiple accounts by dragging tiles.

Edit account name


On the account tile, click the account name to edit it.

Re-enroll account

  1. Select the account tile and click Re-Enroll.

  2. When the enrollment process initiates, follow the steps for Add an account .

Re-order accounts


On the account tile to be moved, click the hamburger icon and drag the account tile up or down to move it to the new position.

OATH OTP end-user experience

  1. Initiate the login process on a realm that enables OATH OTPs as a second factor option (configured on the Registration Methods tab of the realm).

  2. Follow the configured workflow.

  3. On the multi-factor authentication methods page, select Time-based Passcode from the list of options, and click Submit.



    By default, the listing next to the Time-based Passcode option is SecureAuth OTP Mobile App.

    This listing applies to all devices and browsers provisioned for Single (OATH Seed) mode; e.g., mobile apps, desktop apps, etc.

    In environments that support more than one type of OTP app, the end user might not know this option also applies to desktop OTP apps.

    If this scenario applies to your organization, you can replace the SecureAuth OTP Mobile App label with a more generic name, such as SecureAuth OTP App, to improve the end-user experience and to minimize confusion.

  4. Start the app.

  5. If a PIN is required to unlock the app, enter the PIN and click Enter. On the account tile, click Copy to grab the passcode.

  6. Paste the passcode from the app on the login page, and click Submit to gain access to the realm or application.


Release notes

Version 2.0

Release date: November 1, 2016

What's new
  • Multiple account support

  • New UX and branding

  • Weak PIN protection

  • Brute force protection

  • App hardening

Resolved issue
  • Debug logging data gaps