Multi-factor authentication

Users are prompted to enter a verification code after signing in

Multi-factor authentication is a method for providing additional security for users who sign in with a username and password. After signing in, users are prompted to enter a verification code: a one-time password that is valid only for a short time. The password is generated by an app on the user's mobile device.

User signs in and is then prompted to provide a verification code

Note: Multi-factor authentication is sometimes called two-factor authentication because it requires two separate authentication mechanisms: username+password and verification code.

The app on the user's mobile device employs the standard time-based one-time password (TOTP) algorithm to generate the code. Any two-factor authentication app that can scan a QR code and uses the TOTP algorithm should work.

First-time sign-in

The first time users sign in — after providing a valid username and password — they are shown a QR code they scan using the TOTP app to register for multi-factor authentication.

Users scan the QR code using the TOTP app

Important: The QR code is only presented the first time a user signs in when multi-factor authentication is enabled for their role. It is not shown again! Users cannot complete the sign-in until they enter a verification code. So it is important they scan the QR code and register Medallia Web reporting with their app before leaving the page.

If the user leaves the QR code page before scanning the code, or if they have problems registering, they will need to have their secret code reset.

The QR code includes a unique secret that the app combines with the current time to generate the one-time password. During verification, Medallia Web reporting uses the same algorithm to generate an identical password. After signing in, users consult the app to get the password to provide to Medallia Web reporting, which compares the app code with the server code for verification.

Users enter the one-time password generated by the app

When email-based authentication is enabled, Medallia Experience Cloud generates the verification code for the current time window. The mail server sends the email with the generated code to the user at their configured email address. During sign-in, users enter the code and, if their code is valid, Experience Cloud establishes a session and redirects users to the dashboard.

Multi-factor authentication is not