We've answered some common questions Admins and users may have when using Authy for Two-Step Login Verification (TSLV).
Click here to learn more about the registration process with the Authy mobile app.
Frequently Asked Questions
Can we use TSLV from a Single Sign-On (SSO) Provider (Okta, OneLogin, etc.)?
Yes, you'll be able to use Two-Step Login Verification from your SSO Provider.
Do users have to install the Authy App?
The Basic Two-Factor Authentication (Two-Step Login Verification) included in Business, Enterprise Lite and Enterprise plans only allows using Authy Mobile App for authentication. It does not allow SMS- or voice-call-based methods (available on the Enterprise plan).
Simultaneously, even when SMS- or voice call-based second-step login verification methods are available, we still recommend installing and registering the Authy App as it is the easiest and most secure solution.
As an Admin, can I use "Trusted Networks for Two-Step Login Verification?"
Yes, users will be able to enroll even when accessing the system from allowed IP address (e.g., from the office network). Upon enrollment, logins from trusted networks will not require Two-Step Login Verification.
Sometimes, I need to use the same device to authenticate more than one user profile from the same domain. Is this possible?
Yes, however, you'll be required to use the SMS/VoiceCall enrollment workflow to register another user. Once enrolled, all of the users registered with the same device will use all of the available authentication methods.
Can I use Virtual Numbers, like Google Voice or Skype, for text or voice call authentication?
No, Authy does not allow the use of Virtual Numbers (Google Voice, Magic Jack, Skype…) for text message or voice call authentication. You can use the Authy Desktop App, Mobile App, or Google Chrome plugin as an alternate option.
Can I see who enabled TSLV for a user?
Yes, Administrators or Power Users with the Can run reports role can pull the User Provisioning report to see who enabled TSLV for the user. They will find the User that completed the action (Admin or Power User) in the "Performed by" column and the action (Two-step Login Verification enabled) in the "Action Info" column.
Can internal network IP address(es) be whitelisted in Trusted Networks?
No, internal IP address(es) are not supported for security reasons.
Any country-specific restrictions with SMS?
Twilio is currently unable to ensure that messages sent to mainland China are reliably delivered because of restrictions around content, encoding, signatures, and use cases. These restrictions have resulted in the blocking of seemingly legitimate and registered customer traffic. Due to this, Twilio is currently unable to support China message registration, and messages sent through Twilio would be delivered on a best-effort basis with limited support only.