This site requires JavaScript to be enabled
External Customer KB > General > Authenticating With OneLogin Protect
Authenticating With OneLogin Protect
Article: KB0010511 Published: 11/20/2023 Last modified: 11/20/2023

OneLogin Protect is a mobile authenticator app available on Android and iOS that provides a one-time-password (OTP) as an additional authentication factor.

As of April, 2023, support for OneLogin Protect's backup and restore functionality has been discontinued.

Prerequisites:

This app requires a mobile device running Android 5.0 (Lollipop) or above or iOS 13.0 or above.

 


 

Adding an Authentication Factor

Your administrator may require biometric authentication for OneLogin Protect. If your device prompts you to enable biometric authentication during setup, confirm and follow the on-screen prompts.

Using Your Mobile Device

  1. Log in to your OneLogin portal from the browser on your mobile device. If your admin has required multi-factor authentication (MFA) and you have not already configured at least one additional authentication factor, you may see a prompt requesting that you add one now. If so, tap Continue and follow the prompts on your screen. Otherwise, go to your Profile and choose Security Factors from the menu.

    OneLogin browser menu
    OneLogin mobile browser Profile menu
  2. Tap Add Factor and select OneLogin Protect from the list of enabled authentication factors, then tap Activate.

    OneLogin Security Factors
    OneLogin Security Factor selection
    Troubleshooting

    If OneLogin Protect doesn't appear in your list of possible factors, it means that your organization has not configured it for multi-factor authentication (MFA) or that they've configured it but haven't assigned it to your user policy. Contact your administration for more information.

  3. Tap Activate to launch the OneLogin Protect app.

    This mobile device is now configured with OneLogin Protect! If you get a new phone or tablet in the future, you will need to repeat these steps to register the new device as your authentication method. Your old device will also remain configured as an authentication factor unless it is manually removed.

    Activate

Using Your Computer or Another Device

  1. Log in to your OneLogin portal from a web browser and go to your Profile. In the Security Factors menu, click Add Factor.

    OneLogin Security Factors
  2. Select OneLogin Protect from the list of enabled authentication factors.

    Troubleshooting

    If OneLogin Protect doesn't appear in your list of possible factors, it means that your organization has not configured it for multi-factor authentication (MFA) or that they've configured it but haven't assigned it to your user policy. Contact your administration for more information.

    Select a Security Factor
  3. In the OneLogin Protect app, tap the + to add an account.

    Android:

    OneLogin Protect for Android

    iOS:

    OneLogin Protect for iOS
  4. Click Activate in your web browser. Verify that iPhone & Android is selected in the dropdown menu and scan the QR code with your mobile device. If OneLogin Protect requests permission to use your camera, tap Allow.

    Activate OneLogin Protect
    OneLogin Protect QR Code
    Troubleshooting
    I can't scan the QR code.

    Ensure that OneLogin Protect has access to your camera by checking that Camera is toggled on in the iOS app settings and that it appears in the Permissions in the Android app info.

    If you're still unable to scan the code, you can enter it manually by tapping Enter code instead in the mobile app and clicking Can't scan the code? in your web browser. This will provide you with a randomized code you can enter manually to complete authentication.

    Mobile - Enter Code Instead
    Desktop - Can't Scan Code
  5. When the code is accepted, the mobile app displays a green check and refreshes, displaying your account ready to authenticate.

    This mobile device is now configured with OneLogin Protect! If you get a new phone or tablet in the future, you will need to repeat these steps to register the new device as your authentication method. Your old device will also remain configured as an authentication factor unless it is manually removed.

    QR Code Confirmed

 


 

Authenticating With OneLogin Protect

  1. The next time your OneLogin account requires authentication, the login screen advises that your mobile device is ready for your approval.

    Notification Sent
  2. OneLogin sends a notification to the device. Tap the notification to accept it, then unlock your device to allow one OneLogin to automatically send the OTP and log you in to your portal.

    Notification Sent
    Troubleshooting
    I'm not receiving push notifications on my phone or tablet.

    When your device is first added as a factor, the push notification connection may take a few hours to complete. If you're still not receiving push notifications after this time, verify that notifications are turned on in the app settings and that OneLogin Protect has permission to send them in your device settings.

    If you're still not receiving push notifications, contact your administrator about possible network issues preventing communication between your account and OneLogin Protect app. In the meantime, you can manually grant access by opening OneLogin protect and tapping Tap to unlock to view and enter your OTP. The OTP changes every 30 seconds and is indicated by the timer wheel to the right.

    Important: Apple Watch notifications are managed by your iPhone settings and not by the OneLogin Protect settings. Any functionality that OneLogin Protect provides your Apple Watch is native to the Apple platform and not officially supported by OneLogin. If your administrator requires biometric verification to log in, the notification that arrives on your Apple Watch will need to be confirmed with a device that uses biometrics.

 


 

Removing OneLogin Protect

Deleting an account from the device will not disable the account. You may still receive push notifications if the device remains registered and is the default factor. Follow these steps to fully remove OneLogin Protect from your authentication factors:

  1. Return to Security Factors in your OneLogin Portal. Open the menu to the right of OneLogin Protect and click Remove.
  2. If your admin has required MFA, you may be prompted to choose or create a new primary factor. Follow the prompts on your screen, then click Remove to confirm you want to remove OneLogin Protect.

Remove OneLogin Protect

 


 

Troubleshooting
OneLogin Protect for iOS is using an incorrect email address.

Under some circumstances, Protect for iOS may default to using the email address associated with the user's iPhone. Administrators can resolve this in the branding configuration by ensuring the Recipient Email Field is set to Email.

 


 

Number Matching

This feature is currently in Early Preview. If it does not appear, either it has not yet been made available for your account or your administration has chosen to disable it.

This feature requires OneLogin Protect 4.8.9 for Android or OneLogin Protect 4.8.0 for iOS.

On authenticating, you may be presented with the new number matching feature for increaesd security. If prompted, simply enter the number displayed at login into your mobile device to complete authentication

Browser - Number Matching


To authenticate with Apple Watch:

  1. Tap Enter Number on your Apple Watch.

  2. Tap Reply.

  3. Tap the microphone icon and speak the number aloud to provide it by voice.

  4. Tap Send.

App - Number Matching

Expand/Collapse Comments
:     
Was this helpful?
YesYesNoNo