Mobile Client User Guide

Two-Factor Authentication

8min

You can use Single Connect for Two-Factor Authentication (2FA) to know who reaches your devices.

System admins configure and test 2FA definitions during deployment.

Single Connect 2FA is available in offline mode with the mobile application.

Prerequisite: If you havenā€™t already, download the Single Connect Mobile Client from the App Store or Google Play Store before you begin with the following steps. See Getting Started with Mobile Clientļ»æ

Offline Token

Adding Offline Token

Follow the steps below to add an offline token.

Step 1: Generate a QR Code from Single Connect Web GUI.

  1. Log in to Single Connect Web GUI.
  2. Navigate to Administration > 2FA Provisioning. Here you will find the QR code and the activation code. To generate a new QR and activation code, select Generate New One.
2FA Provisioning
2FA Provisioning
ļ»æ

Step 2: Generate a token in Mobile Client.

  1. Open Single Connect Mobile Client App and log in with your Single Connect user.
  2. Navigate to Offline Token.
  3. Generate a token with any of the following methods:
    1. Scan QR code ā€“ you must allow the app to access and use the camera
    2. Enter the code manually with your user name
    3. Register token

The tokens you generate with any of these methods will appear on the Offline Token screen.

Note that the 2FA code will be generated for a pre-set time interval on the mobile application.Ā 

Offline Token Screen
Offline Token Screen
ļ»æ
Offline Tokens
Offline Tokens
ļ»æ

Exporting and Importing Tokens

You can export your tokens to copy them to another device or simply protect them from loss due to updates.

To export:

  1. Tap on the Offline Token menu.
  2. Select Export, and it copies the collection of tokens in an encoded format and adds them to the clipboard.
  3. To keep it as a backup, paste it into notes or email.

To import a backup:

  1. Select and copy the backup text you stored in notes, email, etc.
  2. Tap on the + button on the top-right corner, and the activation screen opens.
  3. Select Import Token.
  4. Tap on OK on the Your tokens are imported successfully dialog box.

Protecting Tokens with MFA

Single Connectā€™s built-in MFA can be used as a secondary layer of authentication for logging into the Mobile Application for its online features (Approval Management, Geo-Fencing and Password Manager).

ļ»æ

  • Admin and user must install the Single Connect Mobile App and register a token to receive Offline Tokens with the mobile app. (You get the Offline Tokens from the Offline Token > Add > Register Token menu).ā€Æā€ÆĀ 
  • OTP must be enabled for the user group that will be using MFA for Mobile Application connections.

To enable MFA for Mobile Application:

  1. Navigate to Administration > System Config. Man.
  2. Set the mobile.application.otp.enabled parameter as true. After these settings are done and a login operation was started on the mobile application, the application will automatically look for a Registered Token in its Offline Tokens with the name that matched the tfa.otp.issuer parameter. If there are registered tokens with other names, then it will prompt for user to select a registered token. If the current six-digit value of the Offline Token (either the automatically or the manually selected one) is validated with the server, login will be successful. If thereā€™s no Registered Token in the mobile application and MFA is enabled with the parameter above, registering token also requires a Multi Factor Authentication. The system will send a one-time password (OTP) userā€™s phone number. User will be asked to enter the OTP on his/her mobile application.

The Mobile Application MFA functionality works only with the registered tokens to ensure that the offline tokens are only working in one application at a time.Ā 

PREVIOUS
Getting Started with Mobile Client
NEXT
Two-Factor Authorization
Docs powered byĀ Archbee