Deploying the Cloud MFA Authentication App

Updated 2 years ago by admin

This document is intended for end-users of the Cloud MFA service and describes how to deploy the Entrust ST Authentication App for generating soft tokens.

  1. Download the dedicated Entrust ST Authentication App for secure end-to-end delivery of OTP's (One Time Passcode's). The app is available for iOS and Android smartphones.
Note that the Cloud MFA service can also be used with third party applications such as Google Authenticator and Authy
After installing the app ensure that you enable PIN protection

Activating your Soft Token

Your Cloud MFA administrator will enable your account for soft token use. You will receive an email containing a QR code, for example:

A token activation is only valid for 5 minutes

Android Activation

Open the Entrust ST app, tap the + menu button in the bottom right and select QR code.

You will be prompted to enter the password to unlock the QR code. The password is provided as part of the activation email. Optionally, change the token name if required.

Review the information and ensure it matches the company you expect.

Click Next

Depending on your organisations policy, you may be prompted to set a PIN code to protect this identity.

The new identity will be added to the Identities list and a token will be generated randomly every 30 seconds.

iOS Activation

Tap the Scan QR Code option to register the token.

If prompted, grant permission for the app to access the camera.

You will be prompted to enter the password to unlock the QR code. The password is provided as part of the activation email.

Review the information and ensure it matches the company name you expect.

Click Next

Depending on your organisations policy, you may be prompted to set a PIN code to protect this identity. Click Next again.

Confirm the PIN code by tapping Confirm

The new identity will be added to the Identities list and a token will be generated randomly every 30 seconds.

Using Push Authentication with the App

If the Cloud MFA administrator has configured your account to use push authentication, then the app will notify you pending authentication requests. Tap a notification to open the Entrust ST app.

Example notification on iOS:

Example notification on Android:

If you have enabled PIN protection (recommended) then you will be prompted enter your PIN code.

Once the app has opened, you will be presented with options to accept or deny the push authentication.

  • Confirm - confirm the authentication request. This action will be logged.
  • Cancel - discard the authentication request. This action will not be logged.
  • Suspicious - if the authentication request is not expected or you believe it is suspicious, this will den the request. This action will be logged.

Using the app for Soft Token generation

If the Cloud MFA administrator has configured your account to use Soft Token authentication, a soft token/OTP will be automatically generated every 30 seconds when the app is opened. You can use this token to authenticate when prompted.


How did we do?