Migrate to another authenticator application
If you've configured multi-factor authentication that uses an authenticator generating passcodes, users may need to rescan the QR code later.
For example, you may want users to migrate to another authenticator app, or a user may have lost their mobile device and doesn't have a backup. For supported authenticator apps, see Third-party authenticator support.
Delete issued tokens in the firewall
You must stop allowing passcodes generated by the previous authenticator application. Do as follows on the web admin console:
- Go to Authentication > Multi-factor authentication.
- Under One-time password (OTP), make sure Generate OTP token with next sign-in is turned on.
- Under Issued tokens, select the users using the unsupported application and click the delete button .
Users rescan the QR code
The users whose tokens you've deleted must do as follows:
-
Sign in to the user portal using only the password.
They must not enter the passcode generated by the old app because it becomes invalid. The QR code appears.
-
Scan the QR code shown using a supported authenticator app.
- Sign in to the user portal using the password followed by the generated passcode, for example,
<password><passcode>
.