Integrating Microsoft Authenticator for ISA Authentication
An organization can strengthen its security posture with InstaSafe Secure Access’s (ISA) built-in Two-Factor Authentication (TFA), which prompts users for an OTP delivered to the registered email address and mobile number.
Further, ISA supports various authenticator apps that provide Time-based OTPs (TOTP) for Two-Factor Authentication. This eliminates the dependency on mobile networks for SMS OTPs and avoids deadlock scenarios where users can access corporate email for email OTPs only after the ISA User Agent is connected.
Microsoft Authenticator supports TOTP-based authentication and is available for iOS and Android devices.
This article provides a step-by-step guide on configuring the Microsoft Authenticator app for Two-Factor Authentication (TFA) of ISA users.
Opening the QR code on the ISA web portal
- Open a web browser and open the ISA web console login page.
- Enter the username and password of the user.
- Click Sign In.
- When the user is prompted to select a method to receive the OTP, select OTP via SMS or OTP via Email.
- Enter the OTP received by email or SMS.
- Select Verify OTP.
- Once logged in, click the user profile on the top right side of the screen.
- Select QR Code. The QR code option will be listed only if Two-Factor Authentication is enabled for the user.
The QR code is displayed.
Installing the Microsoft Authenticator app
- Locate Microsoft Authenticator in the App Store or Play Store.
- Select the download icon.
- Select Open.
- Select Accept.
- Select Continue.
- Select Scan a QR code.
- Allow camera access.
- Scan the QR code displayed on the web portal.
- Once the QR code is verified, the user is added to the app. The TOTP for the user is displayed.
A new TOTP pin is generated every 30 seconds. Use the pin for secondary authentication when accessing the ISA web console or connecting the ISA User Agent.
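What the app computes after the scan, as an added example (not InstaSafe or Microsoft code): RFC 6238 TOTP derived from a shared secret and the current time, using the 30-second step stated above, which is why no SMS or email delivery is needed. It assumes the QR code carries a standard otpauth:// URI and that codes are 6-digit HMAC-SHA-1 (the page states neither); the URI, account name and secret are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

STEP = 30  # seconds; the page states a new code is generated every 30 seconds

# Constructed sample URI. The secret is the RFC 6238 test key in Base32.
# Anyone who can read this string can generate valid codes, so a displayed
# QR code should be treated like a password.
SAMPLE_URI = ("otpauth://totp/ISA:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ISA")


def parse_otpauth(uri):
    """Return (label, base32_secret) from an otpauth:// provisioning URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    return unquote(u.path.lstrip("/")), parse_qs(u.query)["secret"][0]


def totp(secret_b32, now, digits=6):
    """RFC 6238 code for Unix time `now` (HMAC-SHA-1 assumed, not from the page)."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = struct.pack(">Q", int(now) // STEP)        # 30-second window index
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, now, drift_steps=1):
    """Server-side check that tolerates +/- drift_steps windows of clock skew."""
    return any(
        hmac.compare_digest(totp(secret_b32, now + d * STEP), submitted)
        for d in range(-drift_steps, drift_steps + 1)
    )


if __name__ == "__main__":
    label, secret = parse_otpauth(SAMPLE_URI)
    print(label, totp(secret, 59))           # code for the window containing t=59
    print(verify(secret, "287082", 89))      # one window late: still accepted
    print(verify(secret, "287082", 149))     # three windows late: rejected
```

If codes from the app are rejected, check that the phone's clock is set automatically; a device that is off by more than the tolerated drift produces codes for the wrong window.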
Testing
- Open a web browser and go to the ISA web console login page. Enter the username and password of the user and sign in.
- When the user is prompted to select a method to receive the OTP, select TOTP on Authenticator.
- In the Microsoft Authenticator app, copy the generated OTP.
- On the OTP prompt window, enter the OTP generated on the Microsoft Authenticator app.
- Select Verify OTP.
- The user is successfully logged into the ISA web console.
Conclusion
Microsoft Authenticator enhances secondary authentication by way of Time-based One-Time Password (TOTP).