TABLE OF CONTENTS
- Multi-factor authentication (MFA) setup overview
- What you will need to set up multi-factor authentication (MFA)
- Add a multi-factor authentication (MFA) method during new account registration
- Add a multi-factor authentication (MFA) method to an existing account
Multi-factor authentication (MFA) setup overview
Users can add multi-factor authentication (MFA) methods to their accounts, enabling passwordless login methods. The following MFA methods can be used:
- QR code login using the BlockID mobile app
- Push notification login using the BlockID mobile app
- Device biometrics (FIDO2 platform authenticator)
- Security key (FIDO2 hardware token)
What you will need to set up multi-factor authentication (MFA)
QR Code and Push Notification:
- Phone or tablet with BlockID Mobile App installed and linked to your account
- Working camera (for QR code)
Device Biometrics (FIDO2 Platform Authenticator):
- A device with built-in biometric recognition capability, such as Apple Touch ID or Windows Hello
Security Key (FIDO2 Hardware Token):
- FIDO2 hardware token such as a YubiKey
Add a multi-factor authentication (MFA) method during new account registration
Users will also be prompted to add MFA methods during new account registration. Please see the instructions below for adding the desired MFA method
Users are encouraged to add at least one MFA method to their accounts
Scan QR and push notification
Scan QR:
- Using this method, users log in or approve sign-in requests by scanning a QR code.
Push notification:
- This method allows users to log in or approve sign-in requests by responding to a push notification sent to their phone or tablet.
Both methods are available once this MFA method is added.
1. If you are registering a new account, click Scan QR or Push Notification from the prompt, as shown below:
2. A window displaying a QR code will open. Scan the QR code with the camera on your phone to open the embedded link to the BlockID Mobile App.
3. Authenticate the request in the mobile application to finish linking your account.
Device Biometrics (FIDO2 Platform Authenticator)
Users with supported hardware can use their built-in device biometrics (Windows Hello/Mac TouchID) as a FIDO2 platform authenticator for their account.
1. From the prompt, click device biometrics
2. The screen will display some instructions to follow. After reviewing the information, click use platform authenticator to continue.
3. When prompted, use the biometric authentication method for your device.
4. If prompted for a passkey, hit continue.
5. A success message will display once the authentication method has been accepted and linked. Enter a name to associate with your device and click done.
Security key (FIDO2 hardware token)
Users with a hardware FIDO security key, such as YubiKey, can use this authentication method with their accounts.
1. From the prompt, click security key.
2. Review the displayed information, then click use security key to proceed.
3. Insert your security key and touch it when prompted.
4. A success message will appear once your device has been added. Enter a name to associate with your device and click done.
Add a multi-factor authentication (MFA) method to an existing account
Users who did not add a desired MFA method during new account registration can still add the desired method at any time.
Users are encouraged to add at least one MFA method to their accounts, although this is not required. Users can choose to add some or all of the MFA methods.
Scan QR and push notification
1. Navigate to your tenant sign-in page. Sign out of your account If you are currently signed in.
2. Click Request an Invite, located directly beneath the QR code.
3. Enter your email address. Unless told otherwise by an administrator, leave the email option as Primary Email. Click Send Invite to send an invite to your registered email address.
4. Using your mobile device, open the User Invitation email just sent to you. Click Register for Passwordless Authentication to open the link on your mobile device.
5. Opening the link will launch the BlockID Mobile Application. Unlock the application using your enrolled biometrics to finish linking the device to your account.
6. A success message will display, confirming you have linked your device. You can now use your device to sign in using QR Code and Push Notification passwordless authentication methods.
Device Biometrics (FIDO2 Platform Authenticator)
Users with supported hardware can use their built-in device biometrics (Windows Hello/Mac TouchID) as a FIDO2 platform authenticator for their account.
1. Navigate to your tenant and log in.
2. From your user profile, click My Devices.
3. Click setup platform authenticator
4. The screen will display some instructions to follow. After reviewing the information, click use platform authenticator to continue.
5. When prompted, use the biometric authentication method for your device.
6. If prompted for a passkey, hit continue.
7. A success message will display once the authentication method has been accepted and linked. Enter a name to associate with your device and click done.
Security key (FIDO2 hardware token)
Users with a hardware FIDO security key, such as YubiKey, can use this authentication method with their accounts.
1. Navigate to your tenant and log in.
2. From your user profile, click My Devices.
3. Click setup security key
4. Review the displayed information, then click use security key to proceed.
5. Insert your security key and touch it when prompted.
6. A success message will appear once your device has been added. Enter a name to associate with your device and click done.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article