Multi-Factor Authentication

During the initial sign-in process, Team Members and Contributors will be asked to configure at least one Multi-Factor Authentication (MFA) device. MFA can be viewed and edited at the Account Security of SSO-eligible users.

The FIRST identity platform supports the following multi-factor options:

1. WebAuthn-compliant Security Keys / Biometrics (Most Secure / Preferred)

Supported Options: Most WebAuthn / FIDO2 compliant solutions should be supported. FIRST is unable to test all options / platforms. The following options have been successfully tested:

• Biometrics:
  • Apple FaceID / TouchID
  • Windows Hello
• Passkeys
• Hardware Authenticators: Titan Security Keys, Yubikeys

1. Under 'Add another authentication method' select 'Security Keys'.
2. Connect your Security Key and click Continue.
3. Follow the steps in your browser.
4. Name your Security Key to more easily identify it later.

2. One Time Password (OTP)

Supported Options: Most TOTP compliant solutions should be supported. However, FIRST is unable to test all options / platforms. The following options have been successfully tested:

• Auth0 Guardian (Android, iOS)
• Authy (Android, iOS)
• Duo Mobile (Android, iOS)
• FreeOTP (Android, iOS)
• Google Authenticator (Android, iOS)
• Microsoft Authenticator (Android, iOS
• YubiKey Authenticator (Android, iOS)

1. Under 'Add another authentication method' select 'One-Time Password (OTP) Authenticators'.
2. Scan the QR code that is shown with your preferred authenticator app
3. Enter a 6-digit OTP code and click Continue
4. (Optional) Enter a name for this OTP to more easily identify it later.

3. Auth0 Guardian (Mobile App)

Download and install the mobile app from the following links: Android and iOS. The mobile application supports push notifications.

1. Download and install the mobile app from the links shown.
2. Under 'Add another authentication method' select 'Auth0 Guardian App' and click Continue.
3. Scan the QR code that is shown with the Auth0 Guardian app.
4. (Optional) Enter a name for this Auth0 Guardian configuration to more easily identify it later.

Related articles

• Page:
  What if I lose my MFA device / OTP and need to recover MFA?
• Page:
  I have lost or can no longer use the PGP key on file, can you update it with my new key?
• Page:
  What are the password setup/recovery options?
• Page:
  Do I need to setup a new account?
• Page:
  My question is not answered here, or I am having difficulties onboarding or using FIRST Portal or SSO-enabled services.