Adding an Authentication Factor

Your administrator may require biometric authentication for OneLogin Protect. If your device prompts you to enable biometric authentication during setup, confirm and follow the on-screen prompts.

Using Your Mobile Device

1. Log in to your OneLogin portal from the browser on your mobile device. If your admin has required multi-factor authentication (MFA) and you have not already configured at least one additional authentication factor, you may see a prompt requesting that you add one now. If so, tap Continue and follow the prompts on your screen. Otherwise, go to your Profile and choose Security Factors from the menu.

   

   

2. Tap Add Factor and select OneLogin Protect from the list of enabled authentication factors, then tap Activate.

   

   
   Troubleshooting

   If OneLogin Protect doesn't appear in your list of possible factors, it means that your organization has not configured it for multi-factor authentication (MFA) or that they've configured it but haven't assigned it to your user policy. Contact your administration for more information.

3. Tap Activate to launch the OneLogin Protect app.

   This mobile device is now configured with OneLogin Protect! If you get a new phone or tablet in the future, you will need to repeat these steps to register the new device as your authentication method. Your old device will also remain configured as an authentication factor unless it is manually removed.

   

Using Your Computer or Another Device

1. Log in to your OneLogin portal from a web browser and go to your Profile. In the Security Factors menu, click Add Factor.

   

2. Select OneLogin Protect from the list of enabled authentication factors.

   Troubleshooting

   If OneLogin Protect doesn't appear in your list of possible factors, it means that your organization has not configured it for multi-factor authentication (MFA) or that they've configured it but haven't assigned it to your user policy. Contact your administration for more information.

   

3. In the OneLogin Protect app, tap the + to add an account.

   Android:

   

   iOS:

   

4. Click Activate in your web browser. Verify that iPhone & Android is selected in the dropdown menu and scan the QR code with your mobile device. If OneLogin Protect requests permission to use your camera, tap Allow.

   

   
   Troubleshooting

   I can't scan the QR code.

   Ensure that OneLogin Protect has access to your camera by checking that Camera is toggled on in the iOS app settings and that it appears in the Permissions in the Android app info.

   If you're still unable to scan the code, you can enter it manually by tapping Enter code instead in the mobile app and clicking Can't scan the code? in your web browser. This will provide you with a randomized code you can enter manually to complete authentication.

   

   

5. When the code is accepted, the mobile app displays a green check and refreshes, displaying your account ready to authenticate.

   This mobile device is now configured with OneLogin Protect! If you get a new phone or tablet in the future, you will need to repeat these steps to register the new device as your authentication method. Your old device will also remain configured as an authentication factor unless it is manually removed.

   

Authenticating With OneLogin Protect

1. The next time your OneLogin account requires authentication, the login screen advises that your mobile device is ready for your approval.

   

2. OneLogin sends a notification to the device. Tap the notification to accept it, then unlock your device to allow one OneLogin to automatically send the OTP and log you in to your portal.

   
   Troubleshooting

   I'm not receiving push notifications on my phone or tablet.

   When your device is first added as a factor, the push notification connection may take a few hours to complete. If you're still not receiving push notifications after this time, verify that notifications are turned on in the app settings and that OneLogin Protect has permission to send them in your device settings.

   If you're still not receiving push notifications, contact your administrator about possible network issues preventing communication between your account and OneLogin Protect app. In the meantime, you can manually grant access by opening OneLogin protect and tapping Tap to unlock to view and enter your OTP. The OTP changes every 30 seconds and is indicated by the timer wheel to the right.

   Important: Apple Watch notifications are managed by your iPhone settings and not by the OneLogin Protect settings. Any functionality that OneLogin Protect provides your Apple Watch is native to the Apple platform and not officially supported by OneLogin. If your administrator requires biometric verification to log in, the notification that arrives on your Apple Watch will need to be confirmed with a device that uses biometrics.

Removing OneLogin Protect

Deleting an account from the device will not disable the account. You may still receive push notifications if the device remains registered and is the default factor. Follow these steps to fully remove OneLogin Protect from your authentication factors:

1. Return to Security Factors in your OneLogin Portal. Open the menu to the right of OneLogin Protect and click Remove.

2. If your admin has required MFA, you may be prompted to choose or create a new primary factor. Follow the prompts on your screen, then click Remove to confirm you want to remove OneLogin Protect.

Number Matching

This feature requires at minimum OneLogin Protect 4.8.9 for Android or OneLogin Protect 4.8.0 for iOS or later.

On authenticating, you may be presented with the new number matching feature for increased security. If prompted, simply enter the number displayed at login into your mobile device to complete authentication

---

To authenticate with Apple Watch:

1. Tap Enter Number on your Apple Watch.

2. Tap Reply.

3. Tap the microphone icon and speak the number aloud to provide it by voice.

4. Tap Send.