InstaSafe | Integrate InstaSafe Authenticator for Two-Factor Authentication (2FA) with Biometric Verification and Push Notification based Approval in ISA

Integrate InstaSafe Authenticator for Two-Factor Authentication (2FA) with Biometric Verification and Push Notification based Approval in ISA

The Administrators of an organization might choose to increase the security posture with InstaSafe's built-in Two Factor Authentication that would prompt users for an OTP delivered to the registered Email ID and mobile number.
Users are encouraged to integrate Authenticator Apps that would provide Time-based OTPs (TOTP) for Two-Factor Authentication. This would effectively eliminate the dependency on mobile networks for SMS OTPs as well as to avoid deadlock scenarios where users can access corporate email (for Email OTPs) only after the InstaSafe Secure Access (ISA) App is connected.

This Article provides guidance on how to use InstaSafe Authenticator App for Two-Factor Authentication (2FA) with Biometric Verification and Push Notification based Approval.

Download the InstaSafe Authenticator App from the Android Playstore or the Apple App Store

On first use, the InstaSafe Authenticator App would prompt you to set up an MPIN. Be sure to remember the MPIN, since it would be required at every subsequent attempt to access the App.


On compatible devices, the App would also prompt you to link your phone's biometric (fingerprint) authentication, to facilitate easier login to the App, instead of the MPIN.


In the Profiles section, tap the + Button


Select the option 'ISA'


Enter the 'Sub Domain' which is typically your organization's name as provisioned in the ISA platform and tap 'Submit'. In case of any clarifications needed with regards to this, please reach out to the Admins of your organization.


The ISA portal specific to your organization would open up. Please make use of the credentials provided by the Admins of the organization to login.



In case Two Factor Authentication has already been configured, an OTP will be sent to your registered email ID and mobile number which would need to be entered in order to proceed.
Depending on the type of deployment setup opted for by the organization, these credentials may either be the Domain Credentials (synced with the corporate IAM) or created locally in the ISA Management Console by the Admins. In some cases, the Admins might even allow users to set their own ISA passwords. In this case, users would receive an email through which they could set their own passwords, in addition to the regular 'welcome email'. 

It is expected that the Admins convey this information to all users of the organization that would be making use of the ISA solution.

Users that are locally provisioned can change their passwords within the ISA portal once logged in.
Once successfully logged in to the ISA account, the integration will be complete


Going forward, on attempting to login to the ISA App, a Push Notification would be sent on the Mobile Device where the InstaSafe Authenticator is configured.

In order to Approve/Reject the Push Notification, login to the InstaSafe Authenticator using Biometric Verification or the MPIN.

                                          

Once ascertained that the login attempt is genuine, tap the 'Approve' button. 



Alternatively, the TOTP code can be entered manually in the OTP prompt window of the ISA App.
Push Notifications in InstaSafe Authenticator are available only when logging in to the ISA App or the ISA Windows Integrated MFA feature. For ISA Portal logins, please make use of the TOTP from the InstaSafe Authenticator in order to complete the 2FA.


In case you are unable to integrate your Authenticator App by following these steps, please contact your organization's IT Team.

If you are an Admin of the organization's ISA Account and need assistance, contact InstaSafe Support