Registering your MFA credential

Depending on your agency's implementation, you may be able to optionally register a hardware key and/or an authenticator application. The following procedures explain each type of registration.

Note: If you are required to use MFA, please refer to the procedure Registering your required MFA credential. The steps are slightly different from opting in to using MFA.

Registering a hardware credential

Before you begin, you must have a hardware credential such as a YubiKey.

To register your hardware credential, take these steps:

  1. Log in to the application. The Home page opens.

  2. If you are assigned more than one role in the application, select the role that is enabled for MFA registration. For example, if the Administrator has enabled MFA for HR Administrators and you are assigned the HR Administrator role, select HR Administrator from the role menu.

  3. Click the Settings icon in the upper right corner of the Home page. The employee profile > Settings page opens.

  4. Click the Security tab. The Security page opens.

    • MFA must be enabled for your role in order for the Security tab to display. Contact the Administrator if you have questions or need assistance.

  5. Click Register a Hardware Key. The Register a Hardware Key panel opens.

  6. Type a unique Name for the credential and then click Continue. The browser displays a pop-up with a message such as "Tap your security key on the reader or insert it into the USB port."

  7. Perform the requested actions until the browser pop-up pages are finished and the Register a Hardware Key panel closes.

  8. If this is the first time you have registered a credential, a modal titled "Save Your Recovery Code!" displays. Click Copy to Clipboard. Paste the recovery code in a place where you can retrieve it later if needed.

    • IMPORTANT! UKG GovTA does not store the recovery code. Treat the recovery code as a password and save it in a secure location. The code can be used in lieu of your hardware security device, for example, if it's temporarily misplaced or lost.

Registering an authenticator application

Before you begin, you must have an authenticator app installed on a personal device such as a mobile phone or tablet. You may use any authenticator app as long as it supports time-based one-time passwords (TOTP). Example applications include Google Authenticator, Authy (Twilio), Duo Mobile, LastPass, and Microsoft Authenticator. Set up an account with the authenticator app before you begin the procedure below.

To register your authenticator app, take these steps:

  1. Log in to the application. The Home page opens.

  2. If you are assigned more than one role in the application, select the role that is enabled for MFA registration. For example, if the Administrator has enabled MFA for HR Administrators and you are assigned the HR Administrator role, select HR Administrator from the role menu.

  3. Click the Settings icon in the upper right corner of the Home page. The employee profile > Settings page opens.

  4. Click the Security tab. The Security page opens.

    • MFA must be enabled for your role in order for the Security tab to display. Contact the Administrator if you have questions or need assistance.

  5. Click Register an Authenticator App. The Register an  Authenticator App pop-up opens. The pop-up displays a Name text box, a QR code, and a key code as an alternative to the QR code.

  6. Type a unique Name for the credential and then open the app on your device and perform one of the following actions. If you run out of time and the system logs you out, simply log back in to the application and repeat this procedure starting at the first step.

    • Use the app on your device to scan the QR code under the section "Scan this QR Code with your app." In response, the authenticator app on your device displays a six-digit code. In the application, click Next. The Register an Authenticator App pop-up refreshes and displays "Enter confirmation code" followed by a text box. Type the six-digit code in the text box and click Verify Code. A success message displays.

    • As an alternative to scanning the QR code, refer to the code in the section labeled "Or enter this code in your app" and type the code in the app on your device. In response, the authenticator app on your device displays a six-digit code. In the application, click Next. The Register an Authenticator App pop-up refreshes and displays "Enter confirmation code" followed by a text box. Type the six-digit code in the text box and click Verify Code. A success message displays.

  7. If this is the first time you have registered a credential, a modal titled "Save Your Recovery Code!" displays. Click Copy to Clipboard. Paste the recovery code in a place where you can retrieve it later if needed.

    • IMPORTANT! UKG Gov does not store the recovery code. Treat the recovery code as a password and save it in a secure location. The code can be used in lieu of your hardware security device, for example, if it's temporarily misplaced or lost.

Related Topics

Using your MFA recovery code