Identity verification using MFA

Note: The MFA methods and authentication settings mentioned in this guide may or may not be applicable to you based on your organization's policy. Contact your administrator for more information on this.

Identity360 offers additional layers of security during identity verification using the information you provide during the enrollment process.

Once you've enrolled in the authentication methods, you will be prompted to perform MFA every time you access your machine, applications, and the Identity360 portal based on your organization's policy.

Authentication process

Here is a list of MFA methods available in Identity360 and how to use them:

Email Verification

1. If you have secondary email addresses configured, you'll be asked to choose your preferred email address to receive the verification code.
2. Select the email address you prefer and click Proceed. You will receive the code in your email.
3. You must enter the code in the Enter Verification Field and click Verify to verify your identity within the time provided. You will only have a certain number of attempts to resend the OTP.

Google Authenticator

You must enter the code that is displayed in the Google Authenticator app in the Enter Verification Code field and click Verify to prove your identity.

Microsoft Authenticator

You must enter the code that is displayed in the Microsoft Authenticator app in the Enter Verification Code field and click Verify to prove your identity.

Zoho OneAuth's TOTP

You must enter the code that is displayed in the Zoho OneAuth app in the Enter Verification Code field to and click Verify to prove your identity.

Custom TOTP authenticator

Enter the TOTP generated by the custom TOTP authenticator used by your organization in the Enter Verification Code field provided and click Verify to prove your identity.

MFA recovery using backup codes

Identity360 offers backup codes for MFA recovery. These one-time-use backup codes allow you to prove your identity in case your MFA device is not reachable or you're unable to use your enrolled MFA methods.

Depending on your organizational policy, you can generate these codes when required.

How to generate backup codes

You will be provided with the Generate Backup Codes option in the user portal. To access it:

1. Log in to Identity360.
2. Go to the Enrollment tab.
3. In the MFA Recovery section, click Generate Backup Codes.
4. The Generated Backup Verification Codes pop-up will now appear with your backup codes. You can choose to save them as a text file, send them to your desired email address, or print them using the Save as Text, Send Email, or Print Code buttons respectively.

How to use the backup codes

1. When you perform MFA using any of the enrolled methods, the Having trouble with the above method(s)? prompt is displayed.
2. Click the prompt.
3. The Having trouble? screen will open. Here, click Backup Code Verification.
4. On the Backup Code Verification page that appears, enter the backup code generated or provided by your administrator in the field provided.
5. If successful, you will be authenticated into the machine or the Identity360 portal.

Note: If you aren't able to perform MFA using your enrolled methods and don't have any backup codes either, reach out to your administrator for assistance.

Other notable MFA settings

Trust this browser

If you've successfully performed MFA at least once, you may be asked if you wish to trust the browser for a specific number of days. If yes, you will not be asked to perform MFA during future attempts of identity verification from the same browser within the specified days.

Trust this machine

After completing MFA authentication while logging in to your machine, remotely accessing it, or during the UAC prompts, you can use this option to bypass MFA during your subsequent machine access. The trusted machine status will expire after a specified number of days based on your organization's policy.

CAPTCHA

When performing MFA using any of the enrolled methods, if you surpass the wrong MFA attempt limit set by your administrator, you'll be asked to enter the CAPTCHA displayed in the field provided. This helps confirm your identity as a valid user and ensures you're not an automated bot.