Authenticators Setup

To enable MFA, you need to set up one or more authenticators that will be used to verify the identities of the users in addition to the username and password. Each MFA authenticator involves a distinct method of verification, making it difficult for unauthorized individuals to gain access. Identity360 supports the following authenticators:

  1. Email verification
  2. Google Authenticator
  3. Microsoft Authenticator
  4. Zoho OneAuth TOTP
  5. Custom TOTP Authenticator

Email verification

Email verification is enabled by default. Users prove their identity by entering the verification code sent to the primary or secondary email address they registered during enrollment.

Note: Identity360 uses email verification as the default MFA authenticator. Users will be instantly enrolled for email verification using their primary email address or User Principal Name from their associated directory, and it cannot be disabled until after initial setup.

Steps to edit email verification

  1. Navigate to the Application tab and go to Multi-factor Authentication > Authenticators Setup.
  2. Select Email Verification.
  3. Click the Edit icon to modify the email verification settings.
  4. In the pop-up that appears, click the Select OTP Length for MFA Verification drop-down menu to specify the number of characters in the OTP.
  5. Check the Allow users to resend emails with OTPs box to permit users to resend the OTP email. They will only be able to resend the email 30 seconds after the delivery of the previous email.
  6. Specify the number of OTP emails that can be sent per MFA or enrollment session in the Set number of email attempts for MFA verification during login or enrollment field.
  7. Click Save to finish setting up the email verification authenticator.

Google Authenticator

Google Authenticator serves as a secondary authenticator, generating a time-based one-time password (TOTP) to verify the user's identity before granting access to applications. Google Authenticator operates without the internet as it generates TOTPs locally on the user's device, utilizing the device's internal clock and the secret key. The TOTP codes are time-sensitive and change every 30 seconds.

Once Google Authenticator verification is enabled, users can enter a six-digit security code generated by the Google Authenticator app to prove their identities.

Steps to configure Google Authenticator

  1. Navigate to the Application tab and go to Multi-factor Authentication > Authenticators Setup.
  2. Select Google Authenticator.
  3. Click Enable Google Authenticator in the pop-up that appears.
  4. Click the Edit icon to modify the authenticator or click the Disable icon to disable it.

Microsoft Authenticator

Microsoft Authenticator is a mobile application that validates user identity by generating TOTPs or facilitating the approval of login requests through push notifications on the mobile device. These TOTPs are generated offline on the user's device and change every 30 seconds, providing protection against replay attacks.

Once Microsoft Authenticator verification is enabled, users can enter a one-time passcode generated by the Microsoft Authenticator app to prove their identities.

Steps to configure Microsoft Authenticator

  1. Navigate to the Application tab and go to Multi-factor Authentication > Authenticators Setup.
  2. Select Microsoft Authenticator.
  3. Click Enable Microsoft Authenticator in the pop-up that appears.
  4. Click the Edit icon to modify the authenticator or click the Disable icon to disable it.

Zoho OneAuth TOTP

Zoho OneAuth is a mobile application that offers various authentication methods, including TOTPs. Users can add secondary devices as a backup if they encounter issues while accessing their primary devices.

Once Zoho OneAuth's TOTP verification is enabled, users can enter one-time passcodes generated by the Zoho OneAuth app to prove their identities.

Steps to configure Zoho OneAuth TOTP

  1. Navigate to the Application tab and go to Multi-factor Authentication > Authenticators Setup.
  2. Select Zoho OneAuth TOTP.
  3. Click Enable Zoho OneAuth TOTP in the pop-up that appears.
  4. Click the Edit icon to modify the authenticator or click the Disable icon to disable it.

Custom TOTP Authenticator

Using this method, admins can configure any TOTP authenticator for identity verification.

Steps to configure a Custom TOTP Authenticator

  1. Navigate to the Application tab and go to Multi-factor Authentication > Authenticators Setup.
  2. Select Custom TOTP Authenticator.
  3. Enter the name of the authenticator to be displayed for the user during enrollment, identity verification, and reports in the Authenticator Name field.
  4. Click the OTP validity (in min) drop-down menu to specify the expiration time for the TOTP generated by your custom authenticator app.
  5. Click the Length of the Code drop-down to specify the length of the TOTP supported by your custom authenticator app.
  6. In the Hashing Algorithm drop-down, choose SHA1, SHA256, or SHA512 as the hashing algorithm, depending on the algorithm supported by your custom TOTP authenticator.
  7. Click Browse to include the logo for your custom authenticator if needed. GIF, JPG, JPEG, PNG, and SVG are the image formats supported.
  8. Enter the desired Variance number and Issuer name in the respective fields and click Save.
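The following is an added example, not Identity360 code: a standard RFC 6238 TOTP generator and verifier showing why the code length, hashing algorithm and validity period configured above must match what the authenticator app uses, and what a drift tolerance does. It assumes that OTP validity corresponds to the TOTP time step (`period`, in seconds) and that Variance is the number of adjacent time steps accepted; the page does not define either, and the function names are illustrative.

```python
import hashlib
import hmac
import struct

# The three choices offered in the Hashing Algorithm drop-down.
ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def totp(secret, unix_time, period=30, digits=6, algorithm="SHA1"):
    """RFC 6238 code for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(secret, counter, ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, unix_time, variance=1, **settings):
    """Accept a code from the current step or `variance` steps either side (assumed meaning)."""
    period = settings.get("period", 30)
    ok = False
    for step in range(-variance, variance + 1):
        expected = totp(secret, unix_time + step * period, **settings)
        ok |= hmac.compare_digest(expected, submitted)  # constant-time comparison
    return ok


def demo():
    secret = b"12345678901234567890"  # RFC 6238 Appendix B test key, not a real secret
    app = {"period": 30, "digits": 8, "algorithm": "SHA1"}  # constructed app settings
    code = totp(secret, 1111111109, **app)  # generated on the user's device
    return {
        "code": code,
        "same_step": verify(secret, code, 1111111109, variance=0, **app),
        "one_step_late_strict": verify(secret, code, 1111111111, variance=0, **app),
        "one_step_late_tolerant": verify(secret, code, 1111111111, variance=1, **app),
        "server_set_to_sha256": verify(secret, code, 1111111109, **{**app, "algorithm": "SHA256"}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Each extra step of tolerance lengthens the time a captured code remains acceptable, so keep the drift window as small as the deployed devices' clocks allow.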

Copyright © 2024, ZOHO Corp. All Rights Reserved.