Contact Us
Help Center Home > Vault > Vault: OTP Authenticator and Recovery Codes for MFA

Vault: OTP Authenticator and Recovery Codes for MFA

Overview

Vault supports multi-factor authentication (MFA) to add an extra layer of security to your account. While Vault offers built-in MFA via email or SMS, using a time-based One-Time Password (OTP) authenticator app provides stronger security and works even without internet connectivity. This guide explains how to set up, use, and manage OTP authentication.

Important:

OTP authenticator setup is available exclusively for local Vault users. If your organization uses single sign-on (SSO) for authentication, MFA is managed through your SSO provider instead. Check with your administrator if you are unsure which authentication method your account uses.

Set Up Your OTP Authenticator

Step 1: Access My Settings

  1. Log in to the Vault platform.
  2. Click your user icon in the bottom-left corner of the screen.
  3. From the dropdown menu, select My Settings.

Step 2: Enable the Authenticator App

  1. In the My Settings window, locate the Enable Authenticator App section.
  2. Click the Enable button.
  3. A dialog box titled "Two Factor Authentication" will open, beginning with "Authentication Verification."

Step 3: Scan the QR Code

  1. Open your preferred OTP authenticator app on your phone.
  2. Scan the QR code displayed on your Vault screen using your authenticator app.
  3. Your app will generate a six-digit code.
  4. Enter this code into the field on your Vault screen.
  5. Click Continue.

Step 4: Save Your Recovery Codes

  1. The next screen displays "Save Your Security Codes." This is your opportunity to save your recovery codes.
  2. You will see 10 recovery codes displayed. Each code can be used once to log in if you cannot access your authenticator app.
  3. Download or copy these codes using the Download or Copy buttons.
  4. Store them in a secure location, such as a password manager, encrypted file, or physical safe.
    • Do not store recovery codes in the same location as your Vault credentials.
    • Do not share recovery codes with anyone.
  5. Click Continue after you have saved your codes.

Step 5: Confirmation

  1. You will see a confirmation message: "Authenticator App Enabled." This confirms your setup is complete.
  2. Click Done.

Note:

From this point forward, you will need to provide a code from your authenticator app whenever you log in to Vault.

Logging In with Your Authenticator App

Standard Login Process

  1. Enter your username and password on the Vault login screen.
  2. On the "Verify Your Identity" screen, select Authenticator App.
  3. Open your authenticator app on your phone and locate the six-digit code for Vault.
  4. Enter the code in the field provided.
  5. (Optional) Check Remember this Browser if your administrator has enabled this feature. This allows you to log in without MFA on this device and network for future sessions, until either changes.
  6. Click Submit.

Using a Recovery Code

If you do not have access to your authenticator app (for example, if you lose your phone or delete the app), you can use a recovery code instead.

  1. On the "Verify Your Identity" screen, click Use Recovery Code.
  2. Enter one of your saved recovery codes in the field provided.
  3. Click Submit.
  4. You will gain access to your account.

Important:

Each recovery code can only be used once. After use, that code is no longer valid. If you use all your recovery codes, you will need to generate new ones or disable and re-enable your authenticator.

Viewing Your Recovery Codes

  1. Go to My Settings > Profile.
  2. In the "Authenticator App Enabled" section, click View Recovery Codes.
  3. You will see your currently available recovery codes.
  4. You can download or copy these codes for safekeeping.
Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case