Sign in with 2FA

  • Updated on Apr 2, 2025
  • Published on Sep 3, 2024
  • 5 minute(s) read
Prev Next

After the successful password authentication:

IdentityProvider_2FA_AfterPAssword

When you have 2FA enabled and your device is not “remembered for 30 days”, you will get prompted for the 2-step verification input.

Depending on what you have enabled as 2FA methods, you will get one of following options:

Use push notifications as two-step verification

IdentityProvider_2FA_PushNotification

While you see this screen, you should get a push notification on your mobile phone(s) where your account is added into Visma Authenticator app

The notification will show in the notification bar

IdentityProvider_2FA_PushNotification_NotificationBar

Once you tap on the notification, the app will open and you be able to Approve or Deny the push notification for sign in

IdentityProvider_2FA_PushNotification_InApp

Once you approve the sign in push notification request, the web app where two-step verification step was prompted, will continue and redirect you into the app.

If you deny the sign in push notification, on the web app where two-step verification step was prompted, you will get this screen, where you can click on Try another way to be able to restart the 2-step sign in process with any method available.

IdentityProvider_2FA_PushNotification_InAppDeny

If your push notification request is waiting too long and we do not get any reaction from your phone, the web app will show this screen, from which you can “Try push again“ or “Try another way“ to get all available 2-step sign in methods for your account.

IdentityProvider_2FA_PushNotification_Timeout

Use 6 digit code from Authenticator app as two-step verification

When selecting "Try another way" from any two-factor authentication (2FA) verification screen, such as during verification using Push, you will be presented with all available authentication options, including this one.

If push notifications have not been enabled and you do not have any security key added, this method will appear as your default 2FA option.

IdentityProvider_2FA_AuthenticatorCodeINput

Open the Authenticator app on your mobile device, where you previously scanned the QR code to enroll in two-factor authentication (2FA) for this account.

Within the Authenticator app, locate the account associated with your username. You should see a 6 digit code accompanied by a visual indicator of its expiration, typically refreshing every 30 seconds.

Enter the 6 digit code displayed in your Authenticator app into the 2FA input field . If the code is valid, you will be successfully signed in and redirected to the application.

Troubleshooting guide for invalid 6 digit code error

1. Common causes of invalid code error:

  • Incorrect Code Entry: Double-check the digits entered.

  • Expired Code: Each code typically lasts for 30 seconds.

  • Repeated Use of Code: Ensure you're using a fresh code each time.

Steps to resolve

  • Retype and Retry: Re-enter the code carefully, ensuring accuracy.

  • Use a New Code: If the code has expired, wait for and enter a new code.

2. Device Time out of sync

An out-of-sync device clock may lead to invalid codes. Follow these steps on the device where you have the Authenticator app:

  • Verify Time Synchronization:

    • Visit time.is in your device's browser to check synchronization.

  • Adjust Device Clock:

    • Open your device's Clock app.

    • Tap "More" > "Settings."

    • Turn on "Set time automatically" by selecting "Change date & time."

3.. Authenticator App /Account not matching

  • Correct Account: Ensure you are using the code for the account you are attempting to access.

  • Appropriate Authenticator App: Verify that you are using the correct Authenticator app (e.g., Visma Authenticator, Google Authenticator, Microsoft Authenticator).

4. Authenticator App Considerations

  • When disabling 2FA, Google or Microsoft Authenticator apps won't be updated.

5. Alternate Methods

  • If issues persist, select "Try another way" to use SMS if available or a one-time emergency code.

6. Seek Further Assistance if the issue persists

  • Local Support: Contact your local support if locked out.

  • Store Emergency Code: Always store the one-time emergency code generated when enabling 2FA to prevent future lockouts.

Use SMS as two-step verification

If you’ve added phone numbers to your account, you can receive a 6-digit code via SMS as a two-factor authentication (2FA) method.

💡Note: If you didn’t verify a phone number during your initial 2FA setup, you can always add one later from your Account Settings. The SMS option will only appear if you have at least one phone number linked to your account. You can save up to three phone numbers, and all available ones will be displayed when choosing this option.

  1. On the 2FA verification screen, click “Try another way“.

  2. Select the phone number you want to use. If you have multiple phone numbers, you’ll see a list and can choose the one you prefer.

  1. You’ll receive an SMS with a 6-digit verification code.

    💡 The SMS also includes a reference number that matches the one shown in the sign-in UI. This helps you verify the code is for your current login attempt.

  1. Enter the code on the screen to complete your sign-in.

  1. Click “Verify“. You’ll be securely signed in and redirected to your account.

Use one-time emergency code as two-step verification

If you can’t access your usual 2FA method ( like Push or an authenticator app), you can sign in using a one-time emergency code.
When you’re on 2FA screen, simply click “Try another way“. You’ll then see all available verification methods, including the emergency code option.

Emergency codes are especially useful if you’ve lost access to your device or are temporarily locked out. There are two flows available:

  • I have temporary lost access to Authenticator app“ - ideal for a one-time access when you’re locked out

  • I have permanently lost access to Authenticator app“ - allows you to reset your 2FA setup entirely, in case you no longer have access to your device.

💡Note: Emergency codes are designed to provide secure fallback access and are valid for one-time use only.

  1. On the 2FA verification screen, click “Try another way“.

  2. Select “Use one-time emergency code“.

  1. Enter your one-time emergency code.

4.Choose the option that fits your situation:

4.1 Select “I have permanently lost access to Authenticator app“ - Redo your 2FA setup to secure your account again. Learn how to setup 2FA here.

4.2 Select “I have temporary lost access to Authenticator app“ - use this to sign in once without changing your 2FA setup.

4.3 You’ll receive a new emergency code – copy and store it safely for future use.

4.4 Click “Next“. You’ll be securely signed in and redirected to your account.

Use security key as two-step verification

If you’ve previously added a security key to your account, you can use it to sign in via FIDO2 authentication.

💡Note: This option is only available if a security key was registered in your Account Settings. Once added, the option “Use your FIDO2 authenticator device” will appear when choosing an alternative 2FA method.

  1. On the 2FA verification screen, click “Try another way“.

  2. Select “Use your FIDO2 authenticator device“.

  1. On the next screen, click “Use your FIDO2 authenticator device” again to begin authentication with your security key.

  1. Follow the prompts shown by your browser or device.

    Depending on your security key and browser settings, you may be asked to:

    - Insert the key

    - Enter your PIN
    - Tap the key or use biometric verification (e.g., fingerprint)

  2. Once verified, you’ll be securely signed in and redirected to your account.