Skip to main content

Create temporary PIN

As a help desk administrator in Arculix, you can generate a temporary static PIN that lets an end user access a specific endpoint.

For example, an end user cannot authenticate with Arculix Mobile because they do not physcially have their paired device with them. The end user can contact their Help Desk for a temporary PIN as a backup method of authentication.

You can set a time limit for the temporary PIN to expire and decide if it can be reused. You can also revoke the PIN at any time.

Enable temporary PIN

Use the following instructions to enable the temporary PIN feature in Arculix.

  1. Log in to Arculix and from the left navigation, click Organization Settings.

  2. In the General tab, select the Enable Temporary PIN check box.

  3. Set the maximum number of days 1-7 that the temporary PIN is valid for.

    The default is 3.

  4. Click Save.

Generate temporary PIN

Once you enable the temporary PIN feature, you can create and set up a temporary PIN for a specific user.

  1. Log in to Arculix and from the left navigation, click Users.

  2. Click the pencil icon next to the user account that needs a temporary PIN.

  3. In the Temporary PIN section, set the following:

    Reusable

    Set whether or not the PIN is reusable.

    Selection options:

    Yes – The end user can use the same PIN more than once before it expires.

    No – It requires the generation of a new temporary PIN for each endpoint the user needs access to.

    Expires in

    Set the PIN's expiration in Days, Hours, or Minutes.

    For example, 0 Days : 1 Hour : 15 Minutes.

    The maximum number of days for the temporary PIN is set in Organization Settings > General. You cannot exceed this value.

  4. Click Generate to create a new temporary PIN.

    Click OK to confirm.

  5. Click the Click to Reveal button to show the temporary PIN.

    Under the PIN, it displays details about the temporary PIN: who generated it, when, if it's reusable, and when it expires.

    arculix_show_temp_pin.png
  6. To revoke the temporary PIN, click Revoke.

    Click OK to confirm.

  7. To check if a user logged in with a temporary PIN, click Home.

    In the Audit Logs section, click the user's Authentication Event. The user's Audit Log Details appears.

    arculix_temp_PIN_audit_log.png

End user experience

In this section, we will describe how users log in using a temporary PIN if they don't have their paired mobile device.

The following occurs:

  1. The end user calls their organization's help desk and verifies their identity. The end user requests a temporary PIN for authentication.

  2. The help desk user logs in to Arculix, generates a temporary PIN for the end user, and tells it to them over the phone.

  3. The end user logs in to their chosen endpoint with their username and password.

  4. When prompted to select an authenticator, the end user selects TOTP.

    Select MFA method
  5. The end user enters the temporary PIN as the Offline (TOTP) passcode and gains access to the endpoint.

    Note

    If the temporary PIN is reusable, the end user can use the same PIN to access multiple endpoints before its expiration.

    If the temporary PIN is not reusable, the end user repeats this procedure for each endpoint they require access to.