Registering your required MFA credential

If your agency requires multi-factor authentication, you must obtain a registered credential before you can continue using the system. Depending on the agency's implementation, you may be able to register a hardware key and/or an authenticator application. The following procedures explain each type of registration.

Registering a hardware credential

Before you begin, you must have a hardware credential such as a YubiKey.

To register your hardware credential, take these steps:

  1. Click Register a Hardware Key. The Register a Hardware Key panel opens.

  2. Type a unique Name for the credential and then click Continue. The browser displays a pop-up with a message such as "Tap your security key on the reader or insert it into the USB port."

  3. Perform the requested actions until the browser pop-up pages are finished and the Register a Hardware Key panel closes.

  4. If this is the first time you have registered a credential, a modal titled "Save Your Recovery Code!" displays. Click Copy to Clipboard. Paste the recovery code in a place where you can retrieve it later if needed and then close the modal.

    • IMPORTANT! UKG Gov does not store the recovery code. Treat the recovery code as a password and save it in a secure location. The code can be used in lieu of your hardware security device, for example, if it's temporarily misplaced or lost.

  5. Click Continue. The Home page displays for the role that is required to use MFA.

Registering an authenticator application

Before you begin, you must have an authenticator app installed on a personal device such as a mobile phone or tablet. You may use any authenticator app as long as it supports time-based one-time passwords (TOTP). Example applications include Google Authenticator, Authy (Twilio), Duo Mobile, LastPass, and Microsoft Authenticator. Set up an account with the authenticator app before you begin the procedure below.

To register your authenticator app, take these steps:

  1. Click Register an Authenticator App. The Register an  Authenticator App pop-up opens. The pop-up displays a Name text box, a QR code, and a key code as an alternative to the QR code.

  2. Type a unique Name for the credential and then open the app on your device and perform one of the following actions. If you run out of time and the system logs you out, simply log back in to the application and repeat this procedure starting at the first step.

    • Use the app on your device to scan the QR code under the section "Scan this QR Code with your app." In response, the authenticator app on your device displays a six-digit code. In the application, click Next. The Register an Authenticator App pop-up refreshes and displays "Enter confirmation code" followed by a text box. Type the six-digit code in the text box and click Verify Code. A success message displays.

    • As an alternative to scanning the QR code, refer to the code in the section labeled "Or enter this code in your app" and type the code in the app on your device. In response, the authenticator app on your device displays a six-digit code. In the application, click Next. The Register an Authenticator App pop-up refreshes and displays "Enter confirmation code" followed by a text box. Type the six-digit code in the text box and click Verify Code. A success message displays.

  3. If this is the first time you have registered a credential, a modal titled "Save Your Recovery Code!" displays. Click Copy to Clipboard. Paste the recovery code in a place where you can retrieve it later if needed and then close the modal.

    • IMPORTANT! UKG GovTA does not store the recovery code. Treat the recovery code as a password and save it in a secure location. The code can be used in lieu of your hardware security device, for example, if it's temporarily misplaced or lost.

  4. Click Continue. The Home page displays for the role that is required to use MFA.

Related Topics

Using your MFA recovery code