Setting up the offline MFA profile (multi-factor authentication)

If you are required to use multi-factor authentication, you may be prompted to set up an offline MFA profile so that you can access your computer in the event that the Centrify authentication server cannot be reached.

Note:   If you have already set up your offline MFA profile and want to reconfigure (override) it, you will be prompted for multi-factor authentication. That profile is set in the MFA Login Policy.

If your administrator has enabled offline multi-factor authentication, you will see a notification message each time you log on which will prompt you to set up your offline MFA profile. Depending on the configuration settings, you may not be able to access your machine in the event that you are unable to connect to the authentication server if you do not set up the offline MFA profile.

To set up an offline MFA profile:

  1. Right click the Centrify notification icon in the system notification area, and select Setup Offline MFA Profile.
  2. Click Next to begin the Offline Authentication Wizard.
  3. Select one of the following methods to create an authenticator account profile on your mobile device:

    • Scan barcode

      If you select this option, a QR code is displayed for you to scan using your mobile authenticator application. You can use either the Centrify application or a third-party authenticator application.

    • Manual entry

      If you select this option, you must manually enter the displayed account profile information into your authenticator application.

    • Program YubiKey

      If you select this option, you can use a YubiKey as the second form of authentication. You'll then need to select which slot on the YubiKey to use, and whether or not to use Yubikey's touch-to-sign feature.

  4. Enter the passcode that is generated after you have created your authenticator profile. Click Next.
  5. Click Finish to exit the Wizard.

After you have set up your offline MFA profile, you will be prompted to enter the mobile passcode generated by your authentication application as the second form of authentication when you attempt to log on to your machine if it cannot connect to the Centrify authentication server.