
Migrate to another authenticator application

If you've configured multi-factor authentication that uses an authenticator generating passcodes, users may need to rescan the QR code later.

For example, you may want users to migrate to another authenticator app, or a user may have lost their mobile device and not have a backup. For supported authenticator apps, see Third-party authenticator support.

Delete issued tokens in the firewall

You must stop allowing passcodes generated by the previous authenticator application. Do as follows on the web admin console:

  1. Go to Authentication > Multi-factor authentication.
  2. Under One-time password (OTP), make sure Generate OTP token with next sign-in is turned on.
  3. Under Issued tokens, select the users using the unsupported application and click the delete button.

Users rescan the QR code

The users whose tokens you've deleted must do as follows:

  1. Sign in to the VPN or user portal using only the password.

    They must not enter the passcode generated by the old app because it becomes invalid. The QR code appears.

  2. Scan the QR code shown using a supported authenticator app.

  3. Sign in to the VPN or user portal using the password followed by the generated passcode, for example, <password><passcode>.
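
The effect of the two procedures above on sign-in, as an added example that is not Sophos code. It is a simplified model of a verifier that assumes standard RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits); `totp`, `sign_in`, `demo`, the password and the secrets are hypothetical or constructed.

```python
import base64, hashlib, hmac, struct

DIGITS, STEP = 6, 30  # assumed RFC 6238 defaults; the page does not state them

def totp(secret_b32, now):
    """Passcode an authenticator app shows for this secret at Unix time `now`."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(now // STEP))
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def sign_in(credential, password, secret_b32, now):
    """Hypothetical verifier: returns 'allow', 'deny' or 'enroll' (show QR code)."""
    if secret_b32 is None:  # token deleted by the admin, none issued yet
        return "enroll" if same(credential, password) else "deny"
    # Credential format from the page: <password><passcode>
    supplied_pw, code = credential[:-DIGITS], credential[-DIGITS:]
    ok = same(supplied_pw, password) & same(code, totp(secret_b32, now))
    return "allow" if ok else "deny"

# Constructed sample data
PASSWORD = "S3cret-pass"
OLD_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # secret held by the old app
NEW_SECRET = "JBSWY3DPEHPK3PXP"                  # secret from the new QR code
NOW = 59

def demo():
    old_code = totp(OLD_SECRET, NOW)
    new_code = totp(NEW_SECRET, NOW)
    return {
        "before_delete": sign_in(PASSWORD + old_code, PASSWORD, OLD_SECRET, NOW),
        "deleted_pw_plus_old_code": sign_in(PASSWORD + old_code, PASSWORD, None, NOW),
        "deleted_pw_only": sign_in(PASSWORD, PASSWORD, None, NOW),
        "rescanned_old_code": sign_in(PASSWORD + old_code, PASSWORD, NEW_SECRET, NOW),
        "rescanned_new_code": sign_in(PASSWORD + new_code, PASSWORD, NEW_SECRET, NOW),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A passcode from the old app is rejected both while the token is deleted and after the rescan, because the new QR code carries a different secret.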