Managing authenticator accounts

Mobile Authenticator Studio facilitates users to manage their accounts with the following features:

• Add additional accounts

• Rename authenticator account

• Delete an authenticator account

Add additional accounts

If configured accordingly, Mobile Authenticator Studio allows more than one account to be activated on a device. This enables a user to approve transactions from more than one account from a single device. After adding an additional account, your Mobile Authenticator Studio is referred to as a multi-account implementation.

Adding an additional account with one activated account already on the device

A user may want to enable an additional account on their device. In this scenario, the user has already activated one account on their device, and now needs to add an additional user account. Follow the steps below to add an additional account on your device:

1. The user must tap the three dots at the top of the screen to access the menu and tap the Manage accounts option.

   

   Add additional accounts - menu

2. The user taps Scan Code.

3. The user points the device camera at the QR code or Cronto image on the third-party application or web page to initiate linking the additional account to the device. A code appears.

4. The user enters the code into the third-party application or web page.

5. The user scans the QR code or Cronto image.

6. The app displays the Use PIN screen, informing the user they can now use the PIN.

7. The user chooses their preferred authentication method for future access:

   • Use FaceID

   • Use Touch ID

   • Skip to use PIN instead of biometric authentication

     If the user selects to skip setting up biometric authentication at this stage, they can enable this feature anytime later via the Mobile Authenticator Studio menu. For more information, see Biometric authentication.

8. The user gives Mobile Authenticator Studio permission to use Face ID or Touch ID.

9. The user's biometric authentication is collected.

10. The user enters a code into the third-party application or web page to activate the authentication account.

11. (Optional, if notifications are enabled in the app configuration) The user gives Mobile Authenticator Studio permission to send notifications from the third-party application or web page by tapping Allow notifications.

12. When the activation is successful, the user is taken to the Manage Accounts screen with a list of all activated accounts.

13. If at any time the user taps Cancel they will see a cancel confirmation screen and can restart the activation process.

14. If something goes wrong, the user will be notified with an error message and tapping Start over will restart the activation procedure from the beginning.

After activating the additional account, the user will need to confirm which account they want to use for the following transaction types:

• Manual Transaction Data Signing

• Scan and sign

• Push and sign / app-to-app approval

• One-time password

Adding several additional accounts with two or more activated accounts already on the device

A user may want to enable multiple additional accounts on their device. In this scenario, the user has already activated two or more user accounts on their device, and now needs to add an additional user account. Note that all of the accounts must be activated before they can be used for any transactions. Follow the steps below to add an additional account on your device:

1. The user must tap the three dots at the top of the screen to access the menu and tap the Manage Accounts option.

   

   Add multiple accounts - menu

2. On the Manage accounts screen, the user must tap Add Account in the right upper corner.

3. The user taps Scan Code.

4. The user points the device camera at the Cronto image on the website to initiate linking the additional account to the device. A code appears.

5. The user is prompted to enter this code into the third-party application or web page.

6. The user scans the Cronto image.

7. If for the previously added accounts the user did not set up biometric authentication or biometric authentication was disabled, the user can now choose the preferred biometric authentication method for future access:

   • Use FaceID

   • Use Touch ID

   • Skip to use PIN instead of biometric authentication

8. The user gives Mobile Authenticator Studio permission to use Face ID or Fingerprint.

9. The user's biometric authentication or PIN is collected.

10. The user enters a code into the third-party application or web page to activate the authentication account.

11. The user gives Mobile Authenticator Studio permission to send notifications from the third-party application or web page.

12. If the user has not permitted receiving notifications before, they tap Allow notifications to grant Mobile Authenticator Studio permission to send notifications.

13. The user is taken to the Manage Accounts screen with a list of all activated accounts.

After activating the additional accounts, the user will need to confirm which account they want to use for the following transaction types:

• Manual Transaction Data Signing

• Scan and sign

• Push and sign / app-to-app approval

• One-time password

Rename authenticator account

Depending on the Mobile Authenticator Studio configuration, users can rename or delete each account in the Settings menu of the app. Renaming an authenticator account only affects the text displayed to the user on launching the Mobile Authenticator Studio app. By default, the name of an account is its serial number.

When the user wants to rename an existing account on their device, they need to perform the following steps in the app menu.

To rename an account

1. The user taps the three dots at the top of the screen to access the menu and tap the Manage account option.

2. From the list of activated accounts, the user selects an account and taps the adjacent three dots icon.

3. The user taps Rename in the drop-down menu.

4. The user enters a new name for an existing account in the text field.

5. The user taps Save for the change to take affect. The new name now appears in the Manage accounts menu.

Delete an authenticator account

An authenticator account can be deleted from the Mobile Authenticator Studio app via the Settings menu if the Delete option has been activated. When an authenticator account is deleted, the user must confirm the deletion. Once an authenticator account is deleted, the user can continue to use any of the activated accounts or activate a new one. If the deleted account was the last activated account, the user is prompted to activate a new accoutn.

The authenticator accounts are deleted with all other data of the authenticator when the Mobile Authenticator Studio app is uninstalled.

A user cannot activate an account with the same serial number of an activated account. Account deletion is configured by the enabled attribute of the DeleteInstance element in the configuration file.

Acocunt deletion can be activated even if the app does not support multiple accounts. This allows users to destroy an authenticator without uninstalling and re-installing the app.

To delete an account

When the user wants to delete an account from their device, the user's device will no longer be paired to the app for authentication. The following workflow describes how to delete an account for a multi-user account.

1. The user is presented with the activated authenticator home screen with the Scan Code button.

2. The user taps the three dots at the top of the screen to access the menu and taps Manage accounts.

3. On the Manage accounts screen, the user is presented a list of active accounts and needs taps the three dots next to the appropriate account they wish to remove and taps Delete.

4. The user sees an alert message asking them to confirm the deletion and taps Delete again.

5. If there are additional accounts activated on the device, user is returned to the list of remaining active accounts.

6. If there are no other accounts activated on the device, the user is taken to the Home screen and can begin the process of activating a new account.