Deploying the Cloud MFA Authentication App
This document is intended for end-users of the Cloud MFA service and describes how to deploy the Entrust ST Authentication App for generating soft tokens.
- Download the dedicated Entrust ST Authentication App for secure end-to-end delivery of OTP's (One Time Passcode's). The app is available for iOS and Android smartphones.
Activating your Soft Token
Your Cloud MFA administrator will enable your account for soft token use. You will receive an email containing a QR code, for example:
Open the Entrust ST app, tap the top left hamburger menu and select Scan QR code and then tap the + icon to scan the QR code.
You will be prompted to enter the password to unlock the QR code. The password is provided as part of the activation email. Optionally, change the token name if required.
Tap the QR code icon in the bottom right to register the token.
You will be prompted to enter the password to unlock the QR code. The password is provided as part of the activation email. Optionally, change the token name if required
Using Push Authentication with the App
If the Cloud MFA administrator has configured your account to use push authentication, then the app will notify you pending authentication requests. Tap a notification to open the Entrust ST app.
If you have enabled PIN protection (recommended) then you will be prompted enter your PIN code.
Once the app has opened, you will be presented with options to accept or deny the push authentication.
- Confirm - confirm the authentication request. This action will be logged.
- Cancel - discard the authentication request. This action will not be logged.
- Concern - if the authentication request is not expected or you believe it is suspicious, this will den the request. This action will be logged.
Using the app for Soft Token generation
If the Cloud MFA administrator has configured your account to use Soft Token authentication, a soft token/OTP will be automatically generated every 30 seconds when the app is opened. You can use this token to authenticate when prompted.