Mobile app vs non-app authentication

This topic describes messages related to the CyberArk Mobile app and phone/text/email authentication that may appear in Remote Access. For each message, there is an explanation of why it happened and what you can do to continue working.

Vendors can authenticate to Remote Access using either the CyberArk Mobile app or with phone/text and email tokens, but not both. This is defined the first time vendors join Remote Access. After a vendor has joined Remote Access, the authentication method cannot be changed.

Message: You are not allowed to join without the CyberArk Mobile app

This message appears when you try to join an Remote Access tenant with phone/text and email tokens, but your user is configured to log in with the CyberArk Mobile app.

  • Authenticate with the CyberArk Mobile app

Or

  • Delete your Remote Access profile from the CyberArk Mobile app, then ask your Remote Access admin to send you a new invitation, allowing you to authenticate with phone/text and email tokens

Message: You can only sign in with the CyberArk Mobile app

This message appears when you try to sign into an Remote Access tenant with phone/text and email tokens, but your user is configured to log in with theCyberArk Mobile app.

Your user is already configured to authenticate to Remote Access via the CyberArk Mobile app. You can't change this with an active user.

  • Authenticate with the CyberArk Mobile app

Or

  • Delete your Remote Access profile from theCyberArk Mobile app, then ask your Remote Access admin to send you a new invitation, allowing you to authenticate with phone/text and email tokens.

Message: The phone number input is assigned to a vendor who can only authenticate via phone/text and email tokens

This message appears when you attempt to invite a vendor to a tenant without allowing them to authenticate via phone/text and email tokens, and this vendor is already registered in Remote Access as a non-app user in a different tenant. Vendors can authenticate to Remote Access using either the CyberArk Mobile app or with phone/text and email tokens, but not both. This authentication method for vendors is defined globally in the system, and applies to this vendor in any tenant to which they are invited.

 

If John (tenant admin) invites Fred (vendor) to join Tenant A , allowing him to use phone/text and email tokens and Fred joins using this method, then Sheila (tenant admin) in Tenant B cannot invite Fred to join her tenant without allowing him to use phone/text and email tokens. Once Fred has joined Tenant A using phone/text and email tokens, he can only be invited to and join additional tenants with the same authentication method.

When inviting this vendor, enable Allow vendor to authenticate via SMS & email tokens instead of the CyberArk Mobile app.

Message: This vendor cannot be included on this delegated invitation

The delegated vendor defined in this invitation has already registered in Remote Access as a non-app user. Accordingly, they cannot be included in an invitation that requires authentication via the CyberArk Mobile app, and does not allow authentication via phone/text and email tokens.

Vendors who authenticate to Remote Access using phone/text and email tokens, can only be invited to additional tenants using invitations or delegated invitations that allow phone/text and email token authentication. This authentication method for vendors is defined globally in the system, and applies to this vendor in any tenant to which they are invited.

 

If Jessica (subvendor) authenticates to Remote Access with phone/text and email tokens, John (vendor admin) cannot create a delegated invitation for her that doesn't allow this authentication method. However, this cannot be configured by John, and can only be configured in the first tenant invitation.

Request a new invitation from the tenant admin that allows authentication via phone/text and email tokens.

Message: This email does not match the phone number in Remote Access

The vendor phone number in this invitation is already registered in Remote Access with a different email address. The vendor phone number/email pairs must be identical for any tenants they are invited to.

 

If John in Tenant A invited Fred with a specific phone number and email, Sheila in Tenant B must invite Fred using the same phone number and email.

Make sure that the email address is correct for the vendor's phone number.