Skip to main content

Authentication apps global MFA settings

At the global level, configure the authentication methods sent by SecureAuth Authenticate app. You can also configure third-party apps like Google Authenticator and Microsoft Authenticator. To authenticate into a resource, users receive passcodes, push notifications, or verify their biometric identity.

Prerequisites

Before you upgrade to Identity Platform release 22.02 or later, see SecureAuth mobile services for information about how SecureAuth handles mobile services.

Authentication apps configuration

  1. On the left side of the Identity Platform page, click Multi-Factor Methods.

  2. Click the pencil icon for Authentication Apps.

    The configuration page for Authentication Apps appears.

    apps_MFA_001_20_06.png
  3. To enable or disable the global Authentication Apps multi-factor method, slide the toggle On or Off.

  4. In the Configuration mode section, set any of the following configurations.

    Timed passcode from app

    When Authentication Apps toggle is On, it automatically enables the ability for users to receive a soft token generated by SecureAuth Authenticate app or another third-party authentication app.

    Login notification

    Indicate whether users can receive a push notification from the SecureAuth Authenticate app and allow them to choose or deny login requests.

    Login request timeout

    For the login notification, set the length of time a user has to accept a login request at one, two, three, four, or five minutes.

    Biometric identification

    Enable whether users can use biometric identification like facial recognition and fingerprint by means of the SecureAuth Authenticate app.

    One-time passcode via push notification

    Indicate whether users can receive a one-time passcode by means of a push notification from the SecureAuth Authenticate app.

  5. In the Push Notification Settings section, set the following configuration.

    Company name

    Name of company to display on the push notification when it is delivered to the user's device.

    Enable blocking of push notifications

    Select this check box to allow users to block unknown login requests in the Authenticate app.

    To learn more, see How to block and unblock login requests in Authenticate.

    Prevent re-use of TOTP

    Select this check box ensure that each TOTP can only be used once. This enhances security by preventing unauthorized use of a previously generated TOTP.

    apps_mfa_002_2404update1.png
  6. In the User Device Settings section, set the following configurations.

    Maximum Device Count

    Set the number of devices a user can register to receive authentication tokens. Values range from no limit or up to ten devices.

    Allow device replacement

    Indicate whether to allow device replacement when a user has reached the maximum number of devices.

    Replacement order

    Choose one of the following options for replacing an authentication token:

    • Oldest by creation date / time – replace the oldest authentication token with the newest one

    • Oldest by date / time last accessed – replace the least used and last accessed authentication token with the newest one

    apps_MFA_003_20_06.png
  7. In the One-Time Passcode Settings section, set any of the following configurations that apply to the SecureAuth Authenticate mobile app and the SecureAuth Passcode desktop app.

    Passcode length

    Set the length of the passcode in the SecureAuth Authenticate app at six, eight, or nine digits.

    Passcode change interval

    Set how often in seconds, the passcode updates in the SecureAuth Authenticate app.

    Passcode offset

    To make up for time differences between devices and to enable prolonged validity after the code is no longer displayed, set the tolerance in minutes for the amount of time a passcode can be out of sync.

    apps_MFA_004_20_06.png
  8. Click Save.

Next steps