Users are prompted to enter a verification code after signing in

Multi-factor authentication is a method for providing additional security for users who sign in with username and password. After signing in, users are prompted to enter a verification code — one-time password that is only valid for a short time. The password is generated by an app on the user's mobile device.

The app on the user's mobile device employs the standard time-based one-time password (TOTP) algorithm to generate the code. Any two-factor authentication app that can scan a QR code, and which uses the TOTP algorithm should work.

First-time sign-in

The first time users sign in — after providing a valid username and password — they are shown a QR code they scan using the TOTP app to register for multi-factor authentication.

The QR code includes a unique secret that the app combines with the current time to generate the one-time password. During verification, Medallia Web uses the same algorithm to generate an identical password. After signing in, users consult the app to get the password to provide to Medallia Web, which compares the app code with the server code for verification. 

Multi-factor authentication is not

• a replacement for an authorization feature.
• for users who sign-in with Single sign-on (SSO).
• a replacement for IP allow-listing (see Logon restrictions).