Deloitte Identity and Authentication Services - DIAS
FAQ for MFA - Friendly Asked Questions for Multi Factor Authentication
Device Questions
Yes, just install any TOTP authenticator application.
Yes, there are several options for clients who don't have access to a phone capable of installing OTP apps. Browsers such as Chrome and Firefox support addons that provide the same functionality. For Chrome there's Authenticator and for Firefox there's Two Factor Authenticator. If that's not an option, there's also desktop applications like WinAuth that can be installed and provide this functionality.
Yes, the Authenticator app is compatible with iPhone, iPad, and iPod touch running iOS 9.0 or later. If the iPad is running iOS 9.0 or later, you can download the Authenticator app onto the iPad and authenticate with it. Only one device can be enabled for multifactor authentication using the mobile app at any point in time.
The mobile Authenticator app is only available for Windows Phone, Android, and mobile devices (iPhone, iPad, or iPod touch) running iOS 9.0 or later, so you cannot authenticate with the Authenticator app on your desktop PC. For desktops, the winauth application can be used, or the Deloitte windows executable.
Password Questions
If you enter the wrong password, you will not be able to log in. The password can be reset if the user is already logged in by using the selfservice section. If the user is locked out of his account and forgot his password, the administrator can send a password reset link by mail. Alternatively, the user can use the self-reset password functionality.
If an external user enters the wrong password, he will not be able to log in. The password can be reset if the user is already logged in by using the selfservice section. If the user is locked out of his account and forgot his password, the administrator can send a password reset link by mail. Alternatively, the user can use the self-reset password functionality.
Enrollment Questions
If all those Deloitte applications use DIAS to authenticate and provide MFA, then the user will only have to enroll once.
Clients will receive the enrollment email if they choose to enroll in MFA from the selfservice page. Alternatively, the organization administrator can send out enrollment emails as well by navigating to the user details in the user management interface and by clicking "send OTP registration link" button in the "credentials" section.
The Microsoft Authenticator app is available on (i) Google Play and on the (ii) App Store.
Any application that supports TOTP can be used, e.g. Google Authenticator. If the user already has such an application, the DIAS OTP secret key can be added by scanning the QR code or by using the secret key.
Admin Questions
Yes, in the organization settings there is a checkbox to indicate that enrollment in MFA is necessary to complete registration. The link sent to the users will include MFA enrollment during the registration.
Yes, in the user management section you can send each user a OTP enrollment link.
Please note that MFA will be enabled for all applications. For clients click here to enroll.