Multi-factor authentication (MFA) options available to you upon log in are determined by your Login Policy. MFA options in this application include VCA (Virtual Code Authentication) or TOTP (Time-based One-Time Password).
Your MFA options appear upon log in when MFA is configured for your organization. VCA and TOTP appear when you have MFA built-in your Login Policy.1Because MFA options are tied to a user’s Login Policy, you may see both options, one option, or none.
When VCA is configured, users can use their email to receive a code. The email the application uses upon initial MFA startup is the email listed in the Authentication Email Address field. When an Authentication Email Address is undefined, this application will use the first email address listed in the Contact Methods. Once an email is located in the Contact Methods, this application will automatically use this email address as the Authentication Email Address. This means, if your third and fourth Contact Methods contain an email address, the email address in the third Contact method is used. Your Authentication Email Address field is located in the General section in My Info. You can change and choose a separate email for authentication purposes at any time without changing your preferred Contact Methods.2 If you don’t have an email address listed in your Contact Methods upon initial MFA startup, the system will alert you to contact your system administrator so they can add your email address.
Once VCA is set, for any logins after this, this application delivers the code to your email. The code is unique to you for this instance and will expire in the time noted in the email. After you enter the code, you can choose to trust this device. When trust this device is selected, the system will not require the second factor authentication again for seven days. After the seventh day, a second factor authentication method will be required regardless of whether or not you logged in the past seven days.
When TOTP is configured, users are required to log in to their account with a password and a verification code that can be generated by an authentication application such as Google Authenticator. Once TOTP is set, for any logins after this, use the authenticator app to generate your code to log in.