Delinea Authenticator App

You can use the Delinea Authenticator to securely log in to the Delinea Platform.

The Authenticator app is different from the Delinea Mobile authentication feature.

Delinea Authenticator offers simple and secure multi-factor authentication (MFA) methods for your Delinea Platform tenant. You can approve MFA push notifications using device biometrics or copy the generated time-based one-time passwords (TOTP) specific to your account and tenant.

You can download the Authenticator app from the following sources: 

Registering the Authenticator App

With the Delinea Authenticator you can register to one or more Delinea Platform tenants.

To register the Authenticator app with your Delinea Platform tenant: 

  1. Log in to your Delinea Platform instance .

  2. Open your user profile page and select the Applications tab.

  3. Download the Authenticator app, if you haven't already. Follow the onboarding steps provided within the app to proceed.

  4. Once you open the app, it prompts you to scan the registration QR code.

  5. After you scan the QR code, you see your tenant represented within the app. You can change the name of the tenant if desired.

    To register additional tenants, tap the QR code button on the home screen of the app and scan the QR code in the Delinea Platform tenant.

Log in to the Delinea Platform

You can log in to the Delinea Platform using the TOTP code found in the Delinea Authenticator.

To log in to the Delinea Platform:

  1. Enter your Delinea tenant URL in your web browser.

  2. On the Log in screen, enter your username and click Next.

  3. Select Delinea Authenticator as your authentication method, and click Next.

    If this option does not appear, the Delinea Authenticator has not been enabled in your tenant authentication profile. For more information, see Identity MFA Profiles.

    A notification appears on your registered device.

  4. Tap the notification. Biometric unlock runs automatically.

  5. Complete your authentication by one of the following:

    • Tap Approve.

    • Tap Dismiss and then enter the 8-digit TOTP code from the Delinea Authenticator app into the MFA screen.

Setting Up Biometric Unlock

The Delinea Authenticator requires biometric authentication. After you register the app, it prompts you to use biometry; select Yes. Once enabled, the app performs a biometric check and you can proceed through application setup.

The app prompts you for biometric authentication at launch and during any additional authentication requests.

Push Notifications

During the onboarding process, the app prompts you to enable notifications to your device. Enable notifications to receive push alerts during an MFA event.

Once enabled, you receive push notifications along with in-app alerts containing the necessary information to approve the request.

Copying TOTP Codes

With the Delinea Authenticator you can copy and paste TOTP codes specific to your platform tenant.

To copy TOTP codes from the Delinea Authenticator: 

  1. Launch the Authenticator app on your device.

  2. Find the tenant card for your desired Delinea Platform tenant.

  3. Tap the TOTP code to copy.

  4. A confirmation message appears on the bottom of your screen indicating that the code has been copied to your clipboard.

Configure Apps in Delinea Platform

As an administrator, you can configure the length of the generated TOTP codes in the Delinea Authenticator app. For more information, see TOTP in the Secret Server documentation.

Also, as an administrator, you can require users to complete the Delinea Authenticator setup at login. This requirement will prompt users to register Delinea Authenticator for future logins or set-up MFA requests. See Identity MFA Profiles for more information.

Unregistering the Delinea Authenticator App

You can unregister the Authenticator app from your tenant at any time.

Due to necessary backend migration work for the Authenticator app, you may see multiple records for the Delinea Mobile app on the Applications tab in your User Profile. If this occurs, you can unregister the older record so that only the updated record remains visible. This does not impact functionality.

To unregister a tenant from the Authenticator app:

  1. Open the application settings.

  2. Select your tenant to unregister.

  3. Tap Unregister.

    To register your tenant again, follow Registering the Authenticator App.

To unregister the Authenticator App in Delinea Platform:

  1. Open the Applications tab in Platform.

  2. Locate the application record and tap the kabob menu on the card.

  3. Then tap Unregister.

Authenticator Functionality from the Delinea Mobile Application Removed

If you are an existing Delinea Mobile application user and you have set up the Delinea Authenticator for your account, you will no longer have authenticator functionality in Delinea Mobile. Users who have not set up the Delinea Authenticator can still use the Delinea Mobile authentication feature.

Once you configure the Delinea Authenticator, the Delinea Platform sends all future MFA requests to it, eliminating the need for any additional action on your part.