Here are some common questions Admins and users may have when using Authy for Two-Step Login Verification (TSLV).
Click here to learn more about the registration process with the Authy mobile app.
Frequently Asked Questions
Can TSLV from a Single Sign-On (SSO) Provider (Okta, OneLogin, etc.) be used?
Yes, the user will be able to use Two-Step Login Verification from their SSO Provider.
Do users have to install the Authy App?
The Basic Two-Factor Authentication (Two-Step Login Verification) included in Business, Enterprise Lite and Enterprise plans only allows using Authy Mobile App for authentication. It does not allow SMS or voice call based methods (available on the Enterprise plan).
Simultaneously, even when SMS or voice call based second step login verification methods are available, we still recommend installing and registering the Authy App as it is the easiest and most secure solution.
Can a user enroll for two-step login verification from a Trusted Network?
Yes, users will be able to enroll even when accessing from an allowed IP address (e.g., from the office network). Upon enrollment, logins from trusted networks will not require Two-Step Login Verification.
Sometimes, a user needs to use the same device to authenticate more than one user profile from the same domain. Is this possible?
Yes, however, they will be required to use the SMS or VoiceCall enrollment workflow to register another user. Once enrolled, all of the users registered with the same device will use all of the available authentication methods.
Can the users use Virtual Numbers like Google Voice or Skype for text or voice call authentication?
No, Authy does not allow the use of Virtual Numbers (Google Voice, Magic Jack, Skype…) for text message or voice call authentication. The users can use the Authy Mobile App as an alternate option.
Is it possible to see who enabled TSLV for a user?
Yes, Administrators or Power Users with the Can run reports role can pull the User Provisioning report to see who enabled TSLV for the user. They will find the User that completed the action (Admin or Power User) in the "Performed by" column and the action (Two-step Login Verification enabled) in the "Action Info" column.
Can internal network IP address(es) be whitelisted in Trusted Networks?
No, internal IP address(es) are not supported for security reasons.
Any country-specific restrictions with SMS?
Twilio is currently unable to ensure that messages sent to mainland China are reliably delivered because of restrictions around content, encoding, signatures, and use cases. These restrictions have resulted in the blocking of seemingly legitimate and registered customer traffic. Due to this, Twilio is currently unable to support China message registration, and messages sent through Twilio would be delivered on a best-effort basis with limited support only.