Enroll in two-factor authentication (2FA) (user dashboard)
On your account's Security page, you can add or remove secondary authentication methods. An authentication method is something which verifies your identity in addition to your username and password. This helps prevent unauthorized access to your account, by requiring two or more steps to log in. It works the same as two-factor authentication on popular web apps like Gmail.
Note
This feature is only available if your IT department has enabled it.
Click your user profile menu in the upper-right corner of the screen, and go to Security.
HelloID supports the following factor types. Depending on your organization's policies, not all types may be available.
An authentication code sent via email.
- Text Message
An authentication code sent via SMS.
- Authenticator
A software-based 2FA authenticator app, such as HelloID Authenticator, Google Authenticator, or Microsoft Authenticator.
- Classic OATH Hardware Token
A hardware-based OATH TOTP token. Provides one-time numerical codes, usually via an LCD screen.
- Security Key
A hardware-based FIDO/U2F or FIDO2/WebAuthn security key, such as a YubiKey or Titan Security Key. Connects to your device via USB, Bluetooth, NFC, or other protocol to perform a cryptographic exchange.
- RADIUS Server
Most commonly used when your organization is switching to HelloID, to let you re-use the same authentication token you were using before.
Tip
For your desired factor type, click Add and follow the instructions below.
Enter and confirm your email address. Click Send Code.
Check your email for your 6-digit code.
Enter your 6-digit code on the following screen:
Your email address is now enrolled as a second factor.
Enter and confirm your phone number. Click Send Code.
Check your phone for your 6-digit code, and enter it on the confirmation screen.
Your phone number is now enrolled as a second factor.
Download and install a mobile 2FA app, if you don't already have one. Recommended 2FA apps include:
Tip
The benefit of using the official HelloID Authenticator is push authentication. Instead of manually typing in a 6-digit code, you simply tap a button. Learn how to log in with push authentication. Third-party authenticator apps such as Google and Microsoft Authenticator do not support push authentication with HelloID.
HelloID Authenticator app
After you click Add on the HelloID security overview page, a QR code appears.
In the HelloID Authenticator app, click Add (+).
Scan the barcode as instructed.
Your HelloID Authenticator app is now enrolled as a second factor.
Third-party authenticator app (2FA method)
After you click Add on the HelloID security overview page, a QR code appears.
In your third-party authenticator app, add a new login and scan the QR code. You will get a 6-digit code.
Enter a label and the 6-digit code:
Click Save.
Your third-party authenticator app is now enrolled as a second factor. You will be required to enter your 6-digit code each time you log in.
You must contact your IT department to enroll an OATH TOTP classic hardware token. Users aren't allowed to manually enroll a classic hardware token.
After you click Add on the HelloID security overview page, your device's operating system prompts you to plug in and configure your security key. This process differs by operating system and security key type. Consult outside documentation if needed.
Enter a label for your security key.
Click Save.
Your security key is now enrolled as a second factor.
