MFA for multiple users using 1 phone

Hi,
Is it possible to add MFA for multiple users to one phone? I have certain admin accounts that I use besides my personal account.
Can I authenticate all my admin accounts as well via my phone?

Comments

  • James_Carson Moderator, WatchGuard Representative

    Hi @mashiyer

    The only way to do this would be to assign multiple hardware tokens to one account. It's not possible to assign the same user to multiple phones.

    -James Carson
    WatchGuard Customer Support

  • James_Carson Moderator, WatchGuard Representative

    In addition to the above, it'd be best security practice for you to create user specific admin accounts. Sharing them would create a problem if the account is compromised, which is why it's not possible.

    -James Carson
    WatchGuard Customer Support

  • @James_Carson said:

    In addition to the above, it'd be best security practice for you to create user specific admin accounts. Sharing them would create a problem if the account is compromised, which is why it's not possible.

    Thanks James.
    I have "admin" accounts in AD which I use to administer our domain. Besides this I have my own personal username which is MFA enabled and works fine.
    I'm wondering if it's possible to enable these "admin" accounts for MFA but add their tokens to my phone in addition to my own personal one?
    So basically multiple users linked to one phone.

  • James_Carson Moderator, WatchGuard Representative

    Hi @mashiyer
    You can have as many AuthPoint tokens as you want on a phone -- I have several myself. However, you can't share that token among multiple users.

    -James Carson
    WatchGuard Customer Support

  • edited April 7

    Just create multiple tokens for the same AuthPoint user/account and send each unique token activation email to every single user that needs to log in with that account. The only thing is that if someone logs in, they will all get a push notification at the same time.
    You can fix that by not using push and using OTP only.

    That is also how I configure my personal phones and iPad to sync tokens and third-party tokens between my own devices.

  • edited April 7

    @James_Carson said:
    Hi @mashiyer
    You can have as many AuthPoint tokens as you want on a phone -- I have several myself. However, you can't share that token among multiple users.

    Then we have found a bug :-P I share tokens all the time with multiple phones. And for testing purposes I have multiple user accounts connected to a single phone.

    I really thought that the purpose of creating multiple tokens for one user was to create a multi-user phone environment. If that is not the case, I have misunderstood this feature.

  • James_Carson Moderator, WatchGuard Representative
    edited April 7

    Hi @ConnectNow

    It's intentional that you can't share tokens across multiple phones.

    If you migrate an AuthPoint token to a different phone, an email with a new barcode is emailed to you, and the old one is removed from the old phone.

    You can share 3rd party OATH tokens across multiple phones.

    -James Carson
    WatchGuard Customer Support

  • edited April 7

    Yes, I sync and use my AuthPoint app third-party tokens between my iPad and iPhone and can use them both at the same time.

    What I do: I scan the third-party QR in AuthPoint on the iPhone and sync the backup to the iPad, or the other way around; that is how I make them work on both devices.

    I also received the WatchGuard push notification to unlock on both devices at the same time, by creating multiple token app tokens for the same user and activating/connecting that user to multiple AuthPoint phone/iPad apps, by forwarding or scanning the activation email on multiple phones.

    Also, I use multiple AuthPoint users in the AuthPoint app on my phone at the same time. That is because I have different admin accounts for different clients. So I connect my phone to multiple AuthPoint users, needed to unlock the logon apps from different customers with their own Windows admin accounts.

    But why should it be intentional that you can't share tokens across multiple phones? Almost every vendor makes their tokens multi-device:
    https://support.authy.com/hc/en-us/articles/360016317013-Enable-or-Disable-Authy-Multi-Device

  • edited April 7
    > @James_Carson said:
    > Hi @ConnectNow
    >
    > It's intentional that you can't share tokens across multiple phones.
    >
    > If you migrate an AuthPoint token to a different phone, an email with a new barcode is emailed to you, and the old one is removed from the old phone.
    >
    > You can share 3rd party OATH tokens across multiple phones.

    Yes, I can share 3rd party tokens within the AuthPoint app between multiple devices and I’m able to use them at the same time.

    I also use multiple AuthPoint users in the same AuthPoint app at the same time.

    I have an AuthPoint token app on my iPhone, iPad and Mac, all connected to the same AuthPoint user. When I scan a third-party token I sync the backup to all devices. And that works flawlessly.
    Also, the AuthPoint push notifications I can confirm from every device.

    I also add multiple AuthPoint users to my iPhone app for support. Because I have multiple Windows admin/user accounts, I have to use multiple AuthPoint users to pass the logon app. For all the accounts I receive the push notification without problems.

    But I can’t believe it's intentional that you can't share tokens across multiple phones. It works kind of like how it works with all vendors.

    I had the impression that it was designed that way, so I’m selling it as a basic feature of the app, like almost all token apps do. Sharing tokens between multiple devices is a minimum requirement.
    https://support.authy.com/hc/en-us/articles/360016317013-Enable-or-Disable-Authy-Multi-Device

    If I can’t use multiple AuthPoint users in one app, that would be a real issue. I need to be able to log in with different admin credentials for different customers.
    Also, not being able to sync my or the customer's third-party tokens between devices is a real problem; some services only allow one user account and need to be accessible to multiple users.

  • edited April 8
    Hi, yes, I can share my 3rd party tokens in the AuthPoint app between multiple devices, and I’m also able to use them all at the same time.

    I also use multiple AuthPoint users in the same AuthPoint app at the same time.

    I have the AuthPoint token app on my iPhone, iPad and Mac, all connected to the same AuthPoint user. When I scan a third-party token I sync the backup to all devices. And they work. Also, the AuthPoint push notifications I can confirm on every device.

    I also add multiple AuthPoint users to my iPhone app without problems, because I have multiple Windows admin/user accounts that force me to use multiple AuthPoint users (licenses) to pass all authorisation of the logon app. But it works flawlessly. For all the accounts I receive the push notification without problems.

    But I can’t believe it's intentional that you can't share tokens across multiple phones, because it works flawlessly and because how it works is almost the same as with other vendors. I had the impression that it was designed that way. So I’m selling it as a basic feature of the app, like almost all token apps do. Sharing tokens between multiple devices is a minimum requirement. See Authy for example.
    https://support.authy.com/hc/en-us/articles/360016317013-Enable-or-Disable-Authy-Multi-Device

    If I can’t use multiple AuthPoint users in one app, that would be a real issue. I need to be able to log in with different admin credentials for different customers.
    Also, not being able to sync my or the customer's third-party tokens between devices is a real problem; some services only allow one user account and need to be accessible to multiple users.