Configure MFA and authenticator apps
The Authenticator App is an essential tool for enhancing account security through Two-Factor Authentication (2FA). It generates time-based one-time passcodes (TOTPs) that act as a second step in the login process. By requiring access to a registered device, it ensures that only authorized users can complete authentication.
This guide shows how to configure the Authenticator App as a 2FA method and verify that it works correctly.
Set Up the Authenticator App
Log in to the Next Identity console.
Navigate to the Journeys screen, select the Journey you would like to enable two factor authentication for, and click on the edit icon (pencil).
The journey builder canvas page will load, showing you the current workflow for that journey (including a card for two factor authentication if it is enabled).
If two factor auth is not yet enabled:
Click on the "Add features" menu located at the top of the screen.
Locate Two Factor Authentication and choose "Add".
The two factor authentication step will now appear in your journey.
Review the changes and save the updated journey in your lowest environment, typically Development, before propagating to upper environments.
Customizing the Two Factor Authentication Process
You can tailor the two factor experience to meet your application’s specific needs. To customize, click the edit icon next to the two factor auth step box in the journey editor, which will display the configure two factor auth screen.
Available Customizations
Two factor auth method: Choose from email, SMS, or authenticator app.
Enforcement policy: Choose from optional or required.
Test the Setup
To verify that the Authenticator App is working as expected:
Open the Client Details screen for the client you want to test.
In the Design your user journeys section, locate the Authentication card and activate the run button (play icon).
On the test screen, sign in using your primary authentication method (for example, email with one-time password).
After signing in, you will be prompted to set up your Authenticator App.
A screen will display a QR code and a manual key.
Open your preferred Authenticator App (such as Google Authenticator or Microsoft Authenticator).
In the app, select Add account and choose Scan QR code, or manually enter the key.
The app will begin generating a six-digit code.
Enter the code in the setup screen and select Finish setup.
A confirmation message will indicate that setup is complete.
After setup, users will be prompted to enter the code from their Authenticator App during each login attempt, following primary authentication.
