Onboarding for End Users – with an Authenticator Application
UserLock has built-in features that ease the onboarding and education process for users setting up MFA on their smartphones.
We recommend that you create a user-oriented document that you will send to all users affected by MFA. You will find a sample document of this type here.
To help your organization or users choose an application, here are the most widely used:
- Google Authenticator
- Microsoft Authenticator
- LastPass Authenticator
  - This is the most secure, because even if the phone is not locked, the app will automatically lock and you must provide credentials to unlock it to get the MFA code.
- 2FA Authenticator
Regardless of the application you choose, make sure that the date and time on the end users' smartphones are correct (setting the date and time automatically is recommended); otherwise, the codes generated by the application cannot be validated.
A user may need assistance with the configuration the first time they connect with MFA.
Once MFA is enabled for a user account, at their next connection, a dialog box with a QR code will be displayed:
- The text just under “Multi-Factor Authentication” is customizable in the Settings tab.
- The other texts are displayed in the language of the operating system of the computer being logged on to (English, which is the default language, French or Spanish).
- The "Skip (N days left)" button is optional. It is disabled by default. You can enable it in the configuration of the protected accounts related to this user.
- The "Ask for help" button is optional. It is disabled by default. You can enable it in the MFA dashboard, “Settings” tab.
When this dialog box appears, the user will need to open the Authenticator application on their smartphone, then scan the barcode. For example, with Google Authenticator:
In the “Add an account” step, choose “Scan a bar code” (or “Enter a provided key” if you prefer):
The MFA code is now displayed:
Enter the MFA code in the field in the dialog box, then click “Verify and Continue”.
It is recommended to inform users of the circumstances in which MFA will be requested (for example, at every logon, at the first logon of the day, etc.).
Once correctly configured, the user will be prompted with the following dialog box for all connections that require MFA.
The user will be able to retrieve the code from the Authenticator application.