For Helpdesk Staff: How do I create a temporary code to help users access OneLogin?
Answer
If a user is having trouble getting one of the multi-factor authentication (MFA) options set up, you can help them gain access to OneLogin by generating an 8-digit temporary code. That code can then be entered by the user on their OneLogin login screen.
1. Log in to your OneLogin account. You have special administrative privileges as a library helpdesk employee.
2. Click on "Administration" in the upper, right-hand corner.
3. Click "Users."
4. Enter the username.
5. Click on the user to open their profile.
6. Under the "User Info" menu at the left, choose "Authentication."
7. Scroll down to "Multi-factor methods" and click "Generate" next to "Temporary OTP token."
8. Make sure to changeThis is a one-time-use token that expires after 24 hours to allow users to finish their MFA setup within OneLogin.
9. Note the 8-digit number under "Temporary token." Also note that the code says "Expires in 24 hours."
10. Instruct the user to log in to OneLogin using their Carthage email address and this code. The user should navigate to carthage.onelogin.com in a browser and enter their Carthage username and password. They will get a screen that says "Onelogin Temporary Code" after we generate one for them on the admin side. That, however, is not the screen to put the token. They should click a link below that box that says "Change Authentication Factor."
11.The next screen will say "Select Authentication Factor." They should choose "Onelogin Temporary Code." Then have them enter the temporary token that you generated.
12. Instruct users to finish their MFA setup by clicking on their name in the upper, right-hand corner, then choose "Profile." Click on "Security Factors" to finish setting up their MFA option. (Normally this step is done during the initial login and setup, but sometimes that doesn't work perfectly for users. This is a good workaround.) They should "Add Factor."
13. Users may then choose whichever authentication factor they want to use. It can be the same one they are currently using and need help with. If they choose OneLogin Protect, they should be prompted with another QR code, etc.
