Configuring Authenticator app (verification code)

Forcepoint ONE SSE provides an option to use any Authenticator app with verification code for MFA: including Google Authenticator, Okta-Verify, Microsoft Authenticator, etc.

Steps

User attempts to login to their cloud application, they are redirected to their IdP for authentication. After entering their credentials, they are presented the Multi-Factor Authentication Registration page for your authenticator app you are using for verification.
If your authenticator app has not be setup yet, click Configure. A setup screen will appear. Open up your authenticator app on your mobile device and either scan the barcode or enter the key presented if you cannot scan the barcode.
Enter the 6-digit verification code that was generated to verify the connection to your authenticator app. You will then need to save and then enter the 6 digit verification code again to gain access to the application. If you have already setup a authenticator app then you will be taken to a page to just enter your 6-digit verification code.
The user or the Forcepoint ONE SSE admin can disconnect the authenticator app setup at any time.
- The Forcepoint ONE SSE admin can navigate to the IAM > User and Groups page and then locate the user in question and click on their name to open up the User Details dialog. Scroll to the bottom and you will see the setup options for the user. Select Remove for the MFA - Authenticator App (Verification Code) to remove their connection.
- For the user to remove their connection to their authenticator app they must login to the Forcepoint ONE SSE portal and select edit profile. Near the bottom they will see their setup options and an option for the MFA - Authenticator App (Verification Code) to remove.
  
  Note: For users to disconnect the authenticator app on their phone, they need to open the app and then hold down on the connected session. Once you hold down, it will prompt the user to remove the connection.