Skip to main content

SecureAuth Passcode app for Windows

Updated December 15, 2022

SecureAuth Passcode for Windows is a desktop application that generates one-time passcodes (OTPs) to use for validation during the login process.

The Passcode app must first be connected to your user profile via a SecureAuth Identity Platform app enrollment realm before it can be used.

Once connected, the app generates a new passcode (configured for 6 or 8 digits) every 60 seconds. Input the current passcode on the login page to gain access to the application protected by the SecureAuth Identity Platform.

You can enroll more than one Passcode account on the app and manage these accounts on the app.

Note

Passcode app version 19.14 or later supports the ability to register the Passcode app on more than one Windows computer. This applies to Identity Platform OATH Token enrollments.

It requires an Identity Platform hotfix update to releases 19.07.01 or later.

Passcode app version 19.10 or later supports optional PIN protection, which, if configured, requires you to enter your PIN to view the OTP.

For a summary of release information, see Passcode for Windows release notes.

Prerequisites

Before you set up Passcode for Windows, review the following prerequisites.

Workstation requirements

The following are minimum workstation requirements for end users.

  • Supported on Windows 8.1 or later

  • Supported on Windows Server 2008 R2 or later

  • .NET Framework 4.5 or later

Before you begin

  • From the SecureAuth product downloads page, download the SecureAuth Passcode for Windows MSI file.

  • Get the URL of the SecureAuth Identity Platform app enrollment realm you should use to:

    • Enroll the app and provision it for Multi-Factor Authentication usage (if you do not have the app installed), or

    • Re-enroll the app for Multi-Factor Authentication usage if you are upgrading from an earlier Passcode app version

Optional Windows Server configuration

If you want to use roaming user user profiles with the Passcode app, read on to learn more.

Roaming user profiles that are set up in Active Directory environments let users with computers joined to a Windows server domain log on another computer on the same network to access documents.

To use roaming user profiles with the Passcode app:

Note

  • Seed and PIN values are shared by all machines with Passcode apps installed.

  • Any change to seeds, PINs, and accounts appears on other machines after the Passcode app on another machine is restarted.

  • Refer to the Multi-Factor App Enrollment (URL) realm configuration topic for additional information.

Install Passcode for Windows

To install Passcode for Windows, you can use the Wizard install or Silent install.

Note

The silent install option uses the Windows Command Line Interface (CLI) and requires administrator permissions. Be sure you have the syntax from the administrator before proceeding.

Wizard install

  1. Find the Passcode application you downloaded.

  2. To start the installation, double-click the passcode.msi file.

    passcode_app_win_001.png
  3. Click Next.

  4. Review the current settings, then click Next.

    passcode_app_win_002.png
  5. If the User Account Control (UAC) confirmation appears, then click Yes to start the installation.

    passcode_app_win_003.png
  6. When the installation completes, click Finish.

    passcode_app_win_004.png

Silent install

If you use the silent install option to install Passcode for Windows on end-user workstations:

  • You can include the INSTALLDIR attribute in the silent installation syntax to install Passcode in a path other than the default location C:\Program Files (x86)\Passcode

  • You can include the ENROLLMENTURL attribute in the silent installation syntax. This pre-populates the URL in the Add Account screen the first time the end user starts the app.

With this option:

  • You can configure the syntax to let the end user enter another web address to use instead of the one you provided.

  • You can specify the account enrollment URL to be used. This configuration means that any existing, provisioned account on the end user's machine will be deleted.

  1. Find the Passcode for Windows .msi file you downloaded.

    Note

    The silent install option uses the Windows Command Line Interface (CLI) and requires administrator permissions. Be sure you have the syntax from the administrator before proceeding.

  2. Click Start and then initiate a command prompt as an administrator.

  3. Execute the following syntax to perform a silent install:

    <installerPath>\PasscodeX_X_X.msi /quiet INSTALLDIR=<installDirectoryPath> ENROLLMENTURL=<enrollmentURLpath>

    For example:

    C:\users\admin\Downloads\PasscodeX_X_X.msi /quiet INSTALLDIR="C:\SecureAuth Files\Passcode" ENROLLMENTURL=secureauth.company.com

    Optional installation steps:

    • Use the INSTALLDIR attribute to install Passcode in a non-default location – the default location is C:\Program Files (x86)\Passcode

    • Use the ENROLLMENTURL attribute to pre-populate the Add Account screen with the URL when starting the application for the first time.

      • If the administrator has specified an account enrollment URL in the command line syntax, then any existing provisioned account on your machine will be deleted.

      • If the default URL realm SecureAuth998 is used, then you only need to enter the Fully Qualified Domain Name – example: secureauth.company.com

      • If a realm other than the default realm is used for Multi-Factor Authentication URL app enrollment, then the entire URL address that includes the realm name is required. For example: https://secureauth.company.com/secureauth2

Connect an account to your user profile

  1. Start the Passcode client application.

    passcode_app_win_006.png
  2. If this is a fresh install, then the Add Account screen appears.

    passcode_app_win_007.png
  3. Enter the URL of the Identity Platform Multi-Factor Authentication URL enrollment / OATH provisioning application.

    If the default URL realm SecureAuth998 is used, then you only need to enter the Fully Qualified Domain Name. For example, secureauth.company.com

    If a different realm is used for Multi-Factor Authentication app enrollment, then the entire URL address that includes the realm name is required. For example, https://secureauth.company.com/secureauth2

  4. Click Start.

  5. Follow configured login workflow, which might include multi-factor authentication to connect a Passcode account to your user profile.

    In the following example, this is the Username + Password workflow option.

    passcode_app_win_008.png
  6. If required in the app enrollment realm configuration, create your PIN and click Enter.

    passcode_app_win_009.png
    PIN value restrictions
    • Cannot have consecutive and repeating digits. For example, 33333333 or 1111

    • Cannot have forward or backward sequential numbers. For example, 123456 or 87654321

    PIN rules
    • If you've upgraded to a newer version of the Passcode app, it will prompt you to create a PIN and reconnect to your profile if the realm requires a PIN.

    • An account on the app must be re-enrolled for multi-factor authentication if the connected realm now requires a PIN entry.

    • If accounts on the app use different PIN lengths, then it enforces the highest security setting (maximum 10 digits) for use on the app. To apply the highest security setting to all accounts, you must reenroll accounts that are not using the highest security setting.

    • If multiple accounts exist on the app, you must create a PIN whenever you:

      • Add an account that requires a higher security setting, or

      • Delete the account that used the highest security setting

  7. Confirm the PIN, and click Enter again.

    The OTP panel appears with the current one-time passcode (OTP) that you can use for multi-factor authentication (MFA).

Using Passcode for Windows

  1. Start the app on your desktop.

  2. If prompted, enter your PIN.

  3. The Passcode app home page displays, showing a passcode 6 to 8 digits in length for each account on the app.

    The blue bar beneath the passcode indicates how much time remains to use the passcode for login, as configured by your administrator.

    The bar turns red when 10 seconds remain to use the current passcode. When the time has elapsed, a new passcode appears.

  4. Click Copy to copy the passcode to the clipboard for easy pasting on the login page.

    passcode_app_win_010.png

Passcode app toolbar

Learn more about the Passcode app functions.

passcode_app_win_010.png
passcode_app_win_012.png

Home

The home page appears with the current passcode for each account on a connected domain.

passcode_app_win_013.png

Add Account

Use this option to add another account.

passcode_app_win_014.png

Edit Accounts

Use this option to manage your accounts. For example you can rename, reenroll, reorder and delete your account.

passcode_app_win_015.png

Change PIN

Use this option to change your registered PIN.

passcode_app_win_016.png

About

Click About to display the Passcode app version number.

passcode_app_win_017.png

Minimize / Quit

Exit or minimize the Passcode app. is exited.

Passcode app account management

Clicking the pencil icon puts the app in edit mode, providing functions described below.

passcode_app_win_018.png

Click the icon on the account tile to enable the function described to the right:

passcode_app_win_019.png

Rename

Click this icon next to a connected account name to rename it.

passcode_app_win_021.png

Re-enroll

Use this option to clear account connection data and restart the account connection process.

passcode_app_win_022.png

Reorder

Click and hold to drag and drop the account up or down the list.

passcode_app_win_020.png

Delete

Use this option to remove a connected account from the Passcode app.

End user login experience

  1. Log in to the application you want to access and proceed through the configured login workflow.

  2. From the list delivery methods, select the Time-based Passcode option.

  3. Click Submit.

    passcode_app_win_037.png
  4. Start the Passcode app.

  5. If a PIN is required to unlock the app, enter your PIN and click Enter.

    passcode_app_win_025.png
  6. On the Passcode home page, click Copy on the account tile to copy the passcode.

    passcode_app_win_010.png
  7. Paste the passcode in the Passcode box on the login page.

  8. Click Submit to access to the realm.

    passcode_app_win_038.png