Notifications

896 views

Overview


Multi-factor authentication (MFA), also known as two-step verification, is a security requirement that calls for users to enter more than one set of credentials in order to authenticate to an instance. After entering a username and password on HI, users are prompted to enter in the 6-digit verification code that is generated from Google Authenticator or Authy.

Downloading and setting up the application for the initial time on HI

When logging into HI after multi-factor authentication (MFA) has been enabled, the page to enable multi-factor authentication (MFA) is displayed.

Note: If you have issues enabling multi-factor authentication, click Bypass Setup. This will allow you to log into HI for three times before MFA is required.




 


 

  1. Download and install Google Authenticator on your phone.
    1. If you do not own a smartphone, you can use Authy or the Authenticator extension in Chrome (see instructions below).
  2. On the mobile device, open the Google Authenticator application.
  3. Select Manual Entry or scan the QR code.
  4. Enter the 6-digit verification code on your mobile device into the text box in Step 3.
  5. Click Pair Device and Login.
    Note that the code automatically refreshes every 30 seconds.

Logging into HI with multi-factor authentication


After Google Authenticator or Authy has been configured, copy the verification code when logging into HI.

  1. Log into HI.
  2. Open Google Authenticator or Authy.
  3. Type the 6-digit verification code.
  4. Click Login.



  5. Alternatively, request a verification to be sent via email. The received code is valid for 10 minutes. 

Note: The system time on your computer must be in the same time zone as the time on your mobile device in order for the code to work.




Set up MFA for HI on a new device

You may need to set up multi-factor authentication for a second time (for example, the user issued a new phone) or pair a new device. 

  1. Download and install Google Authenticator on the new mobile phone.
  2. To set up a new MFA code, log into HI.
  3. Follow the prompt to enter a 6-digit code.
  4. Click the link to receive a one-time code via email.



  5. After receiving the code, enter the 6-digit code into the 2-Factor Authentication text box.
  6. Click Login.
  7. Go to My Profile.
  8. Under Related Links, click Multi-factor Authentication.



  9. Open Google Authenticator on your phone.
  10. Manually enter the 6-digit verification code on your mobile device.
    Alternatively, tap Scan Barcode and point your camera at the QR code on your computer screen.
  11. Click Pair Device and Login.
    The new device is now paired and refreshes every 30 seconds.

Install Authenticator in Chrome


This section describes how to install and configure the Authenticator application in Chrome.

  1. Ensure that you are running Chrome 47.0.2526.106 or higher.
  2. In a Chrome browser tab, navigate to Authenticator app's page in the Chrome Web Store.
  3. Click the Add to Chrome button.
  4. Launch the Authy app from the Chrome App Launches menu or click the Authenticator icon  in the upper-right corner.
  5. Click the pencil icon .
  6. Click on the +.
  7. Select Manual Entry or scan the QR code.
  8. In Account, enter a descriptive name for the account.
  9. In Secret, enter the 16-digit code (without spaces) displayed on the HI login screen.



  10. Select Time Based.
  11. Click OK.
    The 6-digit code is displayed on the Authenticator home screen.

 Install Authy in Chrome


This section describes how to install and configure the Authy application in Chrome.

  1. Ensure that you are running Chrome 47.0.2526.106 or higher.
  2. In a Chrome browser tab, navigate to Authy app's page in the Chrome Web Store.
  3. Click Add to Chrome.



  4. In the confirmation dialog, click Add.

  5. Launch the Authy app from the Chrome App Launches menu or click  in the upper-right corner.
  6. Identity verification can be completed in two ways:
    • Cell Phone: Provide your cell phone number and verify your identity by a call or SMS. Also, enter your ServiceNow email address when prompted.
    • Desk Phone: Select the callback option. A registration pin is generated on the screen. Enter the registration pin (2 digits) when the call is received. 


  7. Click the gear icon in the upper-left corner.



     The Authy configuration screen appears.

  8. Click the Account tab to set up a master password (optional).
    If you forget your master password, there is no way to recover the password. You will have to delete all your Authy accounts, uninstall, and reinstall.
  9. Enter your password in Master Password.
  10. Click Add Authenticator Account in the bottom-left corner.
  11. Enter in the 16-digit code (without spaces) displayed on the HI login screen.
  12. Click Add Account.
  13. Select a logo, enter in the instance name, and click Done.
  14. Close the configuration screen to view the account list.
  15. Select an account.
  16. Select Show Token.
  17. Paste the verification code on the instance (HI or HI Hop) to pair the device and log in.

 

Frequently asked questions

Q. What if I do not own a smartphone?

A. Using a smartphone is the recommended way to use MFA on HI. If you do not own a smartphone, you may use the Chrome browser Authy extension to set up and use MFA. Download and add the extension to your Chrome browser. Then, set up an account and master password with the Chrome extension before you set up the MFA for HI with the extension.

Q. I do not use Chrome for my day-to-day activities and use Firefox heavily. Is there an Authy plug-in for Firefox that I can use?

A. Currently, a browser-based Authy plug-in is not supported on Firefox. However, you can install the Authy Plug-in through the Chrome browser. After it is set up on your machine, the Authy app can be used as standalone (without using the Chrome browser) for generating the code that you can use in your Firefox browser to log on to HI for MFA.

Note: After you have installed the app, ensure that you have Multi-Device option selected from the Devices section in the app.

Q. What if I do not have a smartphone while logging in?

A. After the initial pairing, if you forget your smartphone or do not have a smartphone available, you can email yourself a code to log in.

Q. Is there an Authy plug-in for Firefox?

A. No. The extension is specific to Chrome browser. However, you may use the 6-digit token generated by the Chrome extension Authy into Firefox for logging into HI.

Q. Can I enter the code and my password in one login screen instead of two different screens?

A. Yes. After initial setup, you can enter your password followed by the 6-digit code in the first login screen to log in.

Q. What if I need to change devices and need to re-pair or re-enter the code into a different mobile device?

A. You can browse to your user profile on HI by typing My Profile on the navigation search bar and clicking multi-factor authentication to get access to the code to re-enter and pair your device.

Q. What should I do if my Authenticator codes are not working (Laptop)?

A. Update the preference on your laptop to set the time automatically in order to generate the correct code.  If the time on your laptop is set manually, it could be more than a few minutes off which will cause the codes to fail.

Q. What should I do if my Google Authenticator codes are not working (ANDROID)?

A. This might be because the time on your Google Authenticator app is not synced correctly.

To ensure that you have the correct time:

  1. Go to the main menu on the Google Authenticator app.
  2. Click Settings.
  3. Click Time correction for codes.
  4. Click Sync now.

On the next screen, the app confirms that the time has been synced and you should now be able to use your verification codes to sign in. The sync only affects the internal time of your Google Authenticator app and does not change the Date & Time settings on your device.

Q. Can I turn it off?

A. No, MFA is mandatory security requirements for all employee user accounts in HI. However, MFA will be turned off for non-employee accounts i.e., system account or integration accounts.  FA turned off.

 

For help or questions with MFA for HI, please contact: santosh.talluri@servicenow.comor hiadministration@servicenow.com”  

 

Article Information

Last Updated:2018-11-15 18:02:14
Published:2018-11-16