About Authentication

With AuthPoint MFA, each user installs the AuthPoint app on a mobile device, and activates a token. The user can then use the app to authenticate with the Push, QR code, or One-Time Password (OTP) authentication methods. Users can also use third-party hardware tokens to authenticate with an OTP.

When a user tries to log in to a resource that requires authentication, the AuthPoint single sign-on (SSO) page appears. To log in, the user types their AuthPoint password (if required) and chooses an authentication method.

The authentication methods available depend on the access policies assigned to the user's AuthPoint group. Some resources might require specific authentication methods, or allow only certain methods.

When you authenticate, your web browser creates a session and remembers you for eight hours. While your session is active, you do not need to authenticate again for SAML resources, RD Web resources, or the IdP portal unless the resource requires a more secure authentication method.

From most secure to least secure, the authentication methods are:

  1. Push notification and QR code
  2. One-time password
  3. Password

For example, you authenticate with your password and an OTP to log in to the IdP portal. After this, you can log in without authentication to any resource that has OTP as an allowed authentication option or that only requires a password.

The table below shows when an authenticated user must reauthenticate.

| User Previously Authenticated With | Access Policy for Resource | Authentication Action |
|---|---|---|
| Password | Password | Log in without authentication |
| Password | Password + OTP, QR code, or Push | User must authenticate with OTP, QR code, or Push (no password required) |
| OTP | Password or OTP | Log in without authentication |
| OTP | Password + QR code or Push | User must authenticate again with QR code or Push (no password required) |
| OTP | OTP, QR code, or Push | Log in without authentication |
| QR Code or Push | Any | Log in without authentication |
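
The session rules above can be modeled as a small step-up decision function. This is an added example, not WatchGuard code: the function name, the method labels, and the representation of an access policy as a set of accepted methods are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Strength ranking from the page: Push and QR code > OTP > password.
RANK = {"password": 1, "otp": 2, "qr": 3, "push": 3}
SESSION_LIFETIME = timedelta(hours=8)  # browser session length stated on the page


def reauth_decision(session_method, session_start, allowed_methods, now):
    """Decide what a user must do when opening a resource.

    session_method  -- method used earlier in this browser session, or None
    allowed_methods -- methods the resource's access policy accepts
                       (hypothetical representation of a policy)
    Returns (action, methods the user may choose from).
    """
    allowed = set(allowed_methods)
    if not allowed or allowed - set(RANK):
        raise ValueError(f"invalid policy methods: {sorted(allowed)}")

    # No session, or a session older than eight hours: authenticate from
    # scratch (the password is typed as well if the policy requires it).
    if session_method is None or now - session_start >= SESSION_LIFETIME:
        return ("authenticate", sorted(allowed))

    # The session satisfies the policy when the earlier method is at least
    # as strong as the weakest method the policy accepts.
    if RANK[session_method] >= min(RANK[m] for m in allowed):
        return ("no_authentication", [])

    # Step-up: only a stronger method helps; the password is not asked again.
    stronger = sorted(m for m in allowed if RANK[m] > RANK[session_method])
    return ("step_up", stronger)


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0)        # constructed timestamps
    start = now - timedelta(hours=1)
    for prev, policy in [("password", {"password"}),
                         ("password", {"otp", "qr", "push"}),
                         ("otp", {"qr", "push"}),
                         ("push", {"otp"})]:
        print(prev, sorted(policy), reauth_decision(prev, start, policy, now))
```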

Push Authentication

For push authentication, AuthPoint sends a push notification to your phone. You can either tap Approve to authenticate and get access to your applications, or tap Deny to prevent an access attempt that was not made by you.

To use push authentication:

  1. Log in to the AuthPoint SSO page with your user name or email address.
  2. Type your AuthPoint password (if required) and select Push for the authentication method.
  3. On the push notification that is sent to your phone, tap Approve to authenticate and log in.
    You do not have to have the AuthPoint app open to approve a push.

If your token is protected, the AuthPoint app opens and prompts you to unlock your token with a biometric ID or a PIN when you try to approve a push notification. After you validate, you can approve or deny the push notification.

QR Code

A QR code is a square bar code that can be scanned by your phone to read stored data. AuthPoint uses secure QR codes to provide you with a verification code for authentication. AuthPoint QR codes can only be decrypted with the built-in AuthPoint app QR code reader.

To authenticate with a QR code:

  1. Log in to the SSO page with your user name or email address.
  2. Type your AuthPoint password (if required) and select QR Code for the authentication method.
    A new page with a QR code appears.
  3. Open the AuthPoint app and tap to open the QR code reader.
  4. Point your phone camera at the QR code on the computer screen.
    The AuthPoint app reads the QR code and the Authentication Request page appears with a temporary verification code.
  5. In the Verification Code text box, type the 6-digit verification code from your AuthPoint app.
  6. Click Finish.

If your token is protected with a PIN, you must type your PIN to see the Authentication Request page with the verification code.

One-Time Password

An OTP (One-Time Password) is a unique, temporary password that is only valid for a short time. OTPs are used in addition to your normal password for authentication. You can see the OTP for each token and how long the OTP is valid on the Token Management page of the AuthPoint app. The OTP for protected tokens is hidden until you unlock your tokens.

To authenticate with an OTP:

  1. Log in to the SSO page with your user name or email address.
  2. Type your AuthPoint password (if required) and select OTP for the authentication method.
  3. In the One-Time Password text box, type the OTP shown for your token in the AuthPoint app. Unlock your token if necessary.
  4. Click Finish.

For RADIUS authentication, you append your OTP to the end of your password. Do not add a space.
