MFA for multiple users using 1 phone
Hi,
Is it possible to add MFA for multiple users to one phone? I have certain admin accounts that I use besides my personal account.
Can I authenticate all my admin accounts as well via my phone?
Hi @mashiyer
The only way to do this would be to assign multiple hardware tokens to one account. It's not possible to assign the same user to multiple phones.
-James Carson
WatchGuard Customer Support
In addition to the above, it'd be best security practice for you to create user-specific admin accounts. Sharing them would create a problem if the account is compromised, which is why it's not possible.
-James Carson
WatchGuard Customer Support
@James_Carson said:
Thanks James.
I have "admin" accounts in AD which I use to administer our domain. Besides this I have my own personal username which is MFA enabled and works fine.
I'm wondering if it's possible to enable these "admin" accounts for MFA but add their tokens to my phone in addition to my own personal one?
So basically multiple users linked to one phone.
Hi @mashiyer
You can have as many AuthPoint tokens as you want on a phone -- I have several myself. However, you can't share that token among multiple users.
-James Carson
WatchGuard Customer Support
Just create multiple tokens for the same AuthPoint user/account and send every unique token activation email to every single user that needs to log in with that account. The only thing is, if someone logs in, they will all get a push notification at the same time.
You can fix that by not using push and using OTP only.
That's also how I configure my personal phones and iPad to sync tokens and third-party tokens between my own devices.
Then we have found a bug :-P I share tokens all the time with multiple phones. And for testing purposes I have multiple user accounts connected to a single phone.
I really thought that the purpose of creating multiple tokens for one user was to create a multi-user phone environment. If that is not the case, I've misunderstood this feature.
Hi @ConnectNow
It's intentional that you can't share tokens across multiple phones.
If you migrate an AuthPoint token to a different phone, an email with a new barcode is emailed to you, and the old one is removed from the old phone.
You can share 3rd party OATH tokens across multiple phones.
-James Carson
WatchGuard Customer Support
Yes, I sync and use my AuthPoint app third-party tokens between my iPad and Mac iPhone and can use them both at the same time.
What I do: I scan the third-party QR in AuthPoint on the iPhone and sync the backup to the iPad, or the other way around; that is how I make them work on both devices.
I also received the WatchGuard push notification to unlock on both devices at the same time, by creating multiple token app tokens for the same user and activating/connecting that user to multiple AuthPoint phone/iPad apps, by forwarding or scanning the activation email on multiple phones.
Also, I use multiple AuthPoint users in the AuthPoint app on my phone at the same time. That is because I have different admin accounts for different clients, so I connect my phone to multiple AuthPoint users. This is needed to unlock the logon apps from different customers with their own Windows admin accounts.
But why should it be intentional that you can't share tokens across multiple phones? Almost every vendor makes their tokens multi-device:
https://support.authy.com/hc/en-us/articles/360016317013-Enable-or-Disable-Authy-Multi-Device
Thanks guys. That sorted out my problem! I'm able to use multiple tokens to authenticate from one phone now. Cheers.
Hello Mashiyer,
Thank you for your info. Can you tell me, how many tokens can you use to authenticate from one phone? I'm wondering if I have 100 AuthPoint licenses, can I use one phone to create 100 tokens?