Deloitte Identity and Authentication Services - DIAS
FAQ for MFA - Friendly Asked Questions for Multi Factor Authentication
Yes, just install any TOTP authenticator application.
Yes, please refer to the guides made for clients who don't have a mobile phone. There are different options for setting up an authenticator as an addon for your browser or a desktop application. Once the lockdown is removed, the client can edit his authenticator settings and use his phone.
Yes, the Authenticator app is compatible with iPhone, iPad, and iPod touch running iOS 9.0 or later. If the iPad is running iOS 9.0 or later, you can download the Authenticator app onto the iPad and authenticate with it. Only one device can be enabled for multifactor authentication using the mobile app at any point in time.
The mobile Authenticator app is only available for Windows Phone, Android, and mobile devices (iPhone, iPad, or iPod touch) running iOS 9.0 or later, so you cannot authenticate with the Authenticator app on your desktop PC. For desktops, the winauth application can be used, or the Deloitte windows executable.
If you enter the wrong password, you will not be able to log in. The password can be reset if the user is already logged in by using the selfservice section. If the user is locked out of his account and forgot his password, the administrator can send a password reset link by mail. Alternatively, the user can use the self-reset password functionality.
If an external user enters the wrong password, he will not be able to log in. The password can be reset if the user is already logged in by using the selfservice section. If the user is locked out of his account and forgot his password, the administrator can send a password reset link by mail. Alternatively, the user can use the self-reset password functionality.
If all those Deloitte applications use DIAS to authenticate and provide MFA, then the user will only have to enroll once.
Clients will receive the enrollment email if they choose to enroll in MFA from the selfservice page. Alternatively, the organization administrator can send out enrollment emails as well by navigating to the user details in the user management interface and by clicking "send OTP registration link" button in the "credentials" section.
The Microsoft Authenticator app is available on (i) Google Play and on the (ii) App Store.
Any application that supports TOTP can be used, e.g. Google Authenticator. If the user already has such an application, the DIAS OTP secret key can be added by scanning the QR code or by using the secret key.
Yes, in the organization settings there is a checkbox to indicate that enrollment in MFA is necessary to complete registration. The link sent to the users will include MFA enrollment during the registration.
Yes, in the user management section you can send each user a OTP enrollment link.
Please note that MFA will be enabled for all applications. For clients click here to enroll.