FAQ for Two-Factor Authentication (End-User)


Two-factor authentication is a from of multi-factor authentication.

What is the difference between a secret key and a PIN?

Secret Key: A unique 16 character alphanumeric code you must provide in a PIN generating tool before the tool can start to generate PINs. The secret key is sent to you in the first email you receive when you try to access a CommCell with two-factor authentication enabled. Because the secret key is provided only in the first email, you must save this email. For information on obtaining a secret key, see Obtaining a Secret Key.

PIN: A six-digit number you must enter with your password every time you log on to a CommCell environment that has two-factor authentication enabled. Each time you log on, you need a new PIN. For information on acquiring a PIN, see Acquiring a PIN.

I lost my secret key. What should I do?

If you accidentally delete the email containing your secret key or if you feel the secret key was compromised, contact your Administrator. The Administrator can delete your current secret key. After the secret key is deleted, a new secret key is sent in an email to you the next time you log on to the CommCell.

How does Two-Factor Authentication affect me if I use SSO?

If you are a domain user whose credentials are specified automatically to log on to the CommCell, it means that your domain is configured with Single Sign On (SSO). Two-factor authentication does not affect domain users with SSO.

Domain users accessing the CommCell for the first time using the Web Console

If you are a domain user and you log on to the CommCell for the first time, the CommCell grants you access without the need to provide a PIN. Two-factor authentication takes effect the second time you try to log on to the CommCell.

Can I log on using a PIN instead of a web authenticator?

Yes. You can use the PIN verification method when your web authenticator is misplaced or lost, or you do not want to use it anymore.

Why does my configured web authenticator not work?

You must ensure that:

  • You access the Command Center using a fully qualified domain name and not an IP address.

  • The Command Center has a valid TLS certificate.

I lost my web authenticator. What should I do?

If your web authenticator is lost or misplaced, contact your administrator. The administrator can remove your web authenticator. If you receive a new web authenticator, add the web authenticator to your CommCell account.

Configured a web authenticator, but why do I need to enter an OTP to logon to the Command Center, on another device?

Even if you have configured a web authenticator for a user account, such as, Windows Hello or Apple Touch Id, you may still need to enter an OTP to logon to the Command Center on another device.

This is expected if the other device does not support platform authenticators.