2FA Enrollment
  • 14 Oct 2024
  • 4 Minutes to read
  • Dark
    Light
  • PDF

2FA Enrollment

  • Dark
    Light
  • PDF

Article summary

You can enroll Two-factor authentication (2FA) in three ways:

  1. When signing in to an Application

  2. When performing a higher security action in an Application

  3. Self-enrolling in your Account Settings

2FA Enrollment

2FA Enrollment may show up if you are signing in with a password and the application you are trying to access recommends that you enable it. It may also be required by the application or enforced by your customer administrator security policy.

In this case, after passing the password login with success you are prompted to enable Two-step verification (2FA).

IdentityProvider_2Step_Enforced

If enrollment is set as optional you will see a “Remind me later” button, however we strongly recommend you enable 2FA to protect your account.

IdentityProvider_2Step_OptOut

Choose your Authenticator app

As a preferred choice, the wizard shows the option to download our Visma Authenticator app free of charge which has the benefit of allowing you to use secure & convenient mobile Push notifications as two-step verification. It also supports 6 digit codes shown in the same app as well.

IdentityProvider_2Step_DownloadVisma

If you do not wish to enable push notifications and wish to use a different authenticator app click on I use a different Authenticator app and go to this step.

Enable Push notifications in Visma Authenticator app

  1. On your mobile phone, scan the QR code shown in the step to download the Visma Authenticator app (Note: you can also search for Visma Authenticator in your app store if you cannot scan the QR Code for some reason)

  2. After installing the app on your mobile phone, make sure to ALLOW NOTIFICATIONS from the app when your mobile presents this question. In case you do not, please go to the Applications in your phone settings and search Visma Authenticator to update it’s permissions  to allow notifications

  3. Once the app is installed you can open it and you get the option to “Add account”

  4. AuthenticatorApp_AddFirstAccount

    Go back to the web on the screen from step 2 and click Next, the screen will show another QR Code which can be scanned on the mobile to add your account

    IdentityProvider_2Step_ScanVisma

  5. On the mobile phone click on Add account and and you get the option to Sign in or Scan QR code

  6. AuthenticatorApp_AddFirstAccountOptions

    Choose Scan QR code and scan the QR code shown on the web on step 6

  7. On your mobile phone, you will get this screen showing a Verification code, i.e “YLUI”

  8. IdentityProvider_TwoStepWizard_AuthenticatorApp_SettingUpAccountAfterScan

    On the web, you are must accept that Visma Authenticator will add your account. Note the Verification code (e.g. “YLUI”) on the bottom of the screen has to match the value you are presented with on your mobile. Accept the consent if it is the same value and deny if not.

    IdentityProvider_TwoStepWizard_ConsentScreen

  9. Once you accept the consent, you get this screen on the web while your mobile phone is completing its account setup

    IdentityProvider_TwoStepWizard_CompletingAuthenticatorAppSetup

  10. On the mobile phone your account is now added and 2FA Push Notifications is enabled

    IdentityProvider_TwoStepWizard_AuthenticatorApp_AccountAdded

Use a different Authenticator app

If you do not wish to use 2FA Push notifications by adding your account into the Visma Authenticator app, you are free to use any other Authenticator app for using 6 digit codes as two-step verification. Keep in mind that the 6 digit codes are also generated by the Visma Authenticator app same as any other Authenticator app, but in addition using our app enables you to use push notifications.

In order to add your account into the Authenticator app of your choice (Google Authenticator, Microsoft Authenticator or any other)

  1. While you are on the step below click I use a different authenticator app button on the bottom of the screen

    IdentityProvider_2Step_DownloadVisma

  2. You will get presented a screen with a QR code to scan to add your account into your Authenticator app

    IdentityProvider_2Step_ScanOther

  3. Open your Authenticator app and scan the QR Code.

  4. If you are not able to scan the QR Code, you can also enter the key manually as a secret key.

  5. Once you have added your account into the Authenticator app, you will get the 6 digit authenticator code generated.

  6. Use the 6 digit authenticator code generated by your Authenticator app  to complete the two-step verification setup on the web

  7. IdentityProvider_TwoStepWizard_EnableOtherAuthenticatorApp

    Note: each 6 digit authenticator code is valid 30 seconds, usable only once and it is time based. If you are facing issues regarding the code not being valid, please check your time settings on the mobile and sync your clock to ensure no time related problems interferes

After you have added Visma Authenticator app or any Authenticator app of your choice, the two-step wizard continues with other options to ensure that you do not get locked out in case you loose access to your Authenticator app

Optionally add a phone number to enable SMS as two-step verification option

In order to have alternative options for your two-step verification, we optionally allow you to add a phone number.

Note: This step is not shown in case you have previously already added a phone number to your account.

Although this step is optional, it is useful as a backup 2FA-option in case you loose access to your Authenticator app for some reason.

IdentityProvider_TwoStepWizard_AddPhone

Once you choose your country prefix and input your phone number, click on Next.

On your phone you will receive a 6 digit code which you need to input in the next screen in order to allow us to verify the ownership:

IdentityProvider_TwoStepWizard_AddPhone6Digit

Click on Next in order to verify the 6 digit code and continue.

In case you have entered a wrong phone number, you can go Back and enter a phone number again to restart.

Store the one-time emergency code to not get locked out

As the very last step in the 2FA Enrollment, a one-time emergency code is generated and shown in the screen:

IdentityProvider_TwoStepWizard_OneTimeEmergencyCode

Make sure you COPY and STORE this code somewhere safe to be able to use it as an alternative should you loose access to your phone.

After you have copied it, your need to check the checkbox left to “I have safely copied and stored this code“. After doing so, you are able to click on Next.

Congratulations! You have successfully completed the 2FA Enrollment and your account is protected.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.