Multi-Factor Authentication
During the 29-day grace period after your account is created, you will be prompted to set up an MFA device when you enter your login credentials. With an MFA device set up, you receive and enter an authentication code each time you log in. After the grace period, an MFA device is required and you won't be able to log in to SpotLight without one assigned.
You will need to download an MFA app to the device you want to set up. You can use any app that supports the TOTP standard; however, the recommended apps are:
- Authy
- Duo Mobile
- LastPass Authenticator
- Microsoft Auth
- Google Authenticator
Registering Your Device
- Once you've downloaded an MFA app, select Register Device in the SpotLight dialog.
- Open your MFA app and scan the QR Code with your device's camera.
- Enter the first Authentication code, wait for the code to time out, and then enter the second Authentication code.
- Select Continue. The codes will expire after 30 seconds.
- Note:
  - You do not have to enter the spaces included in the MFA code.
  - Once you've scanned the QR code, the issuer in your Duo app will appear as Third Party. The issuer field on the other recommended apps will appear as Zerolight - Central Auth (global).
- If successful, you will see the Device Successfully Paired message.
- Select Finish. Enter your details, then enter another Authentication code from your MFA app to log in.
- Select Remember Me for 12 hours on the login page. When you next log in, you will not be prompted for a code from your paired device, as long as you log in while the MFA proof is still valid.
- If the MFA proof has expired, then you will be prompted to re-enter an MFA code from your device.
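The following is an added example, not SpotLight code, showing how a server can check the two consecutive TOTP codes requested during pairing, and why a repeated or expired code is rejected. The HMAC-SHA1 algorithm, 6-digit length, one-step clock tolerance, and all function names are assumptions; the sample secret is the public RFC 4226 test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30     # seconds per code; the page states codes expire after 30 seconds
DIGITS = 6    # assumption: the page does not state the code length

# Constructed sample: the public RFC 4226/6238 test key, Base32-encoded.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def normalize(code: str) -> str:
    """Drop the spaces that MFA apps show for readability."""
    return "".join(code.split())


def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare


def verify_pairing(secret_b32, first, second, now, drift_steps=1):
    """True only if first and second are codes for two consecutive steps,
    with the second step within drift_steps of the server's current step."""
    first, second = normalize(first), normalize(second)
    current = now // STEP
    for step in range(max(1, current - drift_steps), current + drift_steps + 1):
        if (_same(totp(secret_b32, (step - 1) * STEP), first)
                and _same(totp(secret_b32, step * STEP), second)):
            return True
    return False


if __name__ == "__main__":
    print(verify_pairing(SAMPLE_SECRET, "287 082", "359152", now=65))   # paired
    print(verify_pairing(SAMPLE_SECRET, "287082", "287082", now=65))    # same code twice
    print(verify_pairing(SAMPLE_SECRET, "287082", "359152", now=200))   # expired codes
```

Requiring two codes from adjacent time steps shows that the app holds the shared secret and that its clock agrees with the server's, which a single matching code does not establish as strongly.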
Device Pairing Unsuccessful
If your device fails to register, this could be caused by:
- Entering incorrect or expired codes
- Unregistering the device whose QR code you scanned, or replacing it with a new one by attempting to start the whole login flow again.
- To register, select Try again.
- Open your MFA app and scan the QR Code again with your device's camera and enter 2 consecutive authentication codes. Enter the first code, wait for it to expire, then enter the second code.
- Select Continue.
- If the problem still persists, try using another MFA app. Remove your account from the original MFA app first.
If the problem persists with multiple MFA apps, please raise a request through the Service Desk.
Assigning a New Device
- Enter your details to log in.
- When the MFA dialog appears, select I Have a New Device.
- Select Continue to receive your reset email.
- Follow the link in your reset email to pair a new device, where you will be presented with a QR code to scan and must enter the 2 consecutive authentication codes.