UserLock Documentation
UserLock Documentation
You are here: Use cases > Multi-Factor Authentication > Onboarding for End Users – with a Token2 programmable token

Onboarding for End Users – with a Token2 programmable token


Users will need a Token2 programmable token. To enroll in MFA (subsequent logins will only require the hardware token), you will need an Android device with NFC* and the TOKEN2 NFC Burner app* (make sure you have the latest version, at least 2.1). This can be the same device for several users (the smartphone of a UserLock administrator for example).
[* Windows version is also available, but this guide will use Android as an example.]

To enable two-factor authentication:

  1. Have your Android device with NFC and TOKEN2 NFC Burner 2 app installed and your hardware token ready.

  2. Once MFA is enabled for a user account, at their next connection, a dialog box with a QR code will be displayed. Rather than downloading an authenticator application, the user must do the following.

    Multi-factor authentication
  3. Launch the NFC burner app on your Android device and hit the "scan QR" button.

    Launch the NFC burner app
  4. Point the camera to the QR code shown on the DIALOG box. Upon a successful QR scan, the camera window should disappear.

    Alternatively, you can manually enter the code shown on the same page ("Manual Entry Key:") by hitting the "Base32" button on the app under the QR button.

  5. Turn on the TOKEN2 token and place it on your phone, making sure it is over the NFC antenna. Then click "Connect" on the app.

    If the phone's NFC antenna does not completely align with the token, the connection will fail. Try moving the phone or token until you successfully connect the devices. Also make sure the NFC is enabled on the phone, and that the token is turned on. Click here for more information on the NFC link stability issues with Token 2 programmable tokens.

  6. Upon successful connection, click the "BURN SEED" button. If NFC link is established and the code is correctly scanned, you should see a status window showing "Burning..." and eventually (in a second or two), "burn seed successful.." message in the log window.

    Burn seed successful
  7. After completing the burning process, turn the token display off and turn it on again.

  8. Enter the 6 digits code displayed by the token in the field in the dialog box, then click “Verify and continue“.

    Enter the 6 digits code displayed by the token
  9. Thereafter, the user will be able to retrieve the code requested, from the Token2 programmable token itself.

    Token2Multi-factor authentication