Managing your IBM Verify authenticators

Authentication factors are used for two-step verification. Two-step verification protects you and your account by verifying your identity by using a second authentication method when you access your account on your computer.

Before you begin

If you want to use the IBM Verify mobile app as an authenticator, you can download it from the app store and install it on your mobile device. Go to either the Apple App Store or Google Play.

Note: Your tenant administrator sets the authentication factors that are available for you to use.

About this task

If your application or Verify security policies require 2FA provided by IBM® Security Verify, then you first need to register one or more instances of theIBM Security Verify mobile authenticator app. If registered, IBM Security Verify can be offered as a 2FA option during runtime access and 'm seeing the IBauthentication.

You can perform the following tasks:

Add an authenticator.
View the authenticator details.
Test the authenticator.
Remove the authenticator.

Note: If your account requires a minimum number of enrollments, the enrollments must be unique. For example, if you use the same phone number for text messages and phone calls, it is only one enrollment. If you use your cell phone number for text messages and your office phone number for phone calls, then they are two enrollments. Similarly, if your username and email address are the same, it is one enrollment. However, if you list multiple email addresses, they are each an enrollment. For example, johndoe@outlook.com, johndoe@gmail.com, johndoe@mycompany.com are three unique enrollments.

Procedure

Log in to your Verify account.
From your profile menu, click Profile & settings.
From your Profile page, click Security .
Perform second factor authentication.
1. Select the method to receive your one-time password.
  Initially, when no authentication factors are set up, a passcode is sent to your email address that is associated with your Verify account.
2. Enter the passcode and click Submit.
On your Security settings page, any existing authentication methods are displayed. You can add more authentication methods.
To register a method or to change an existing method, click Add new method and choose the method that you want to use for multi-factor authentication.
To add the IBM Security Verify app, click Add device.
1. If you didn't previously download the app, follow the instructions to download it from the App store or Google Play.
2. Click Next: Connect your account.
  A QR code is displayed.
3. Open the Verify app on your mobile device and tap Connect an account.
4. Scan the QR code.
5. On the Allow connection to screen, tap Approve.
6. If you enabled biometrics on your mobile device and want to use them for the app authentication, tap Use bometrics, otherwise tap Not now.
7. Tap Done.
8. On Verify, click Done.
  If you did not previously add an Authenticator app, Security Verify is also added as your Authenticator app. Now when you are prompted for a second authentication factor, you have two choices.
  - You can select IBM Verify App and touch the push notification on your mobile device.
  - You can select Authenticator app and enter the passcode that is generated .
  Note: If you choose to use the passcode, it is six numbers without any spaces. Although the passcode might appear as 123 456, it must be entered as 123456.
To add an Authenticator app, click Setup.

Note: You can have one Authenticator app only. If Security Verify is also listed as your authenticator app and you want to use another app, you must first remove Security Verify as the authenticator app. Click the more options menu icon and select Remove authenticator.
1. Provide a name for your authenticator app.
2. Click Next: Download the app.
3. If you didn't previously download the app, follow the instructions to download it from the App store or Google Play.
4. Click Next: Connect your authenticator.
  A QR code is displayed.
5. On your authenticator app, tap Add account.
6. Select an account type.
7. Scan the QR code.
8. Tap Finish if necessary.
9. On your Verify account, click Next:Test your authenticator.
10. Enter the one-time passcode from your authenticator.
  
  Note: The passcode is six consecutive numbers. It has no space. Although the passcode might appear as 123 456, it must be entered as 123456.
11. Click Done.
  Now when you are prompted for a second authentication factor you can select Authenticator app and enter the passcode that is generated by the authenticator app on your mobile device.
To set up a passkey, you can use your device authenticator or a hardware security key.
- To set up a passkey that uses your built-in authentication methods, do the following steps.
  1. Click Add new method.
  2. Click Next: Add passkey.
  3. Select an authentication method and follow the prompts.
  4. Select OK to save your passkey.
  5. If prompted, click Allow.
  6. Type a friendly name to identify your passkey.
  7. Click Done.
- To set up a passkey that uses an external security key, do the following steps.
  1. Click Add new method.
  2. Click Next: Add passkey.
  3. Select Security key and click Next.
  4. Click OK.
  5. Click OK.
  6. Insert your security key.
  7. Enter a security key PIN (password)
  8. Click OK.
  9. Touch your security key.
  10. Click OK to save your passkey.
  11. If prompted, click Allow.
  12. Type a friendly name to identify your passkey.
  13. Click Done.
To set up text messaging, do the following steps.
1. Click New number.
2. Ensure that the correct country code is selected.
3. Enter your mobile phone number and area code without any spaces.
  For example, enter (123) 456-7890 as 1234567890.
4. Click Send access code.
5. Enter the access code that you received on your mobile device.
6. Click Verify.
7. Click Done.
To set up an email account for authentication, do the following steps.
1. Click New email.
2. Enter the email address in the correct format.
  For example, johndoe@myco.com. Include the at symbol '@' and period '.' in the address.
3. Click Send access code.
4. Enter the access code that you received in the email.
5. Click Verify.
6. Click Done.
To set up a phone call for authentication, do the following steps.
1. Click New number.
2. Ensure that the correct country code is selected.
3. Enter your mobile phone number and area code without any spaces.
  For example, enter (123) 456-7890 as 1234567890.
4. Click Call me.
5. Enter the access code that you received verbally on your phone.
6. Click Verify.
7. Click Done.
Optional: To view registered authenticator details, do the following step.
1. Click the '∨' or the name of the method.
  The panel is expanded to show the details. Typically,
  - When it was added
  - Whether it is enabled
  - Whether it is validated
  - Device type if appropriate
  .
Optional: To remove a device or method, do the following steps.
1. Hover over the authenticator and click the more options menu icon when it appears.
2. Click Remove authenticator and click Confirm.
Note: If your account requires a minimum number of enrollments and this removal results in fewer than the minimum amount,
- If you are within the grace period, after the removal you might see notifications about the required number of enrollments.
- If you are not within the grace period, after the removal you must complete the required number of enrollments the next time you authenticate.
Optional: To test the operation of an authenticator, do the following steps.
1. Hover over the authenticator and click the more options menu icon when it appears.
2. Click Test Device and follow the instructions.
  A push notification or code is delivered to your IBM Security Verify authenticator. Respond to the notification as directed.