Users are prompted to enter a verification code after signing in

Multi-factor authentication is a method for providing additional security for users who sign in with username and password. After signing in, users are prompted to enter a verification code — one-time password that is only valid for a short time. The password is generated by an app on the user's mobile device.

The app on the user's mobile device employs the standard time-based one-time password (TOTP) algorithm to generate the code. Any two-factor authentication app that can scan a QR code, and which uses the TOTP algorithm should work.

First-time sign-in

The first time users sign in — after providing a valid username and password — they are shown a QR code they scan using the TOTP app to register for multi-factor authentication.

The QR code includes a unique secret that the app combines with the current time to generate the one-time password. During verification, Medallia Web reporting uses the same algorithm to generate an identical password. After signing in, users consult the app to get the password to provide to Medallia Web reporting, which compares the app code with the server code for verification.

When email-based authentication is enabled, Medallia Experience Cloud generates the verification code for the current time window. The mail server sends the email with the generated code to the user at their configured email address. During sign in, users enter the code and — if it their code is valid — Experience Cloud establishes a session and redirects users to the dashboard.

Multi-factor authentication is not

• a replacement for an authorization feature.
• for users who sign-in with Single sign-on (SSO).
• a replacement for IP allow-listing (see Logon restrictions).