Set up OTPs to authenticate to the User Portal

This topic describes how to use mobile-based authenticators (for example, Google Authenticator or the CyberArk Identity mobile app) to authenticate using one-time passcodes (OTPs).

You can use an OTP to log in to the User Portal . You use a third party authenticator (like Google Authenticator) or the CyberArk client application to scan a CyberArk Identity generated QR code and then configure the OTP. CyberArk supports any authenticator app that support the OATH TOTP standard. Refer to for more information.

If an internet connection is not available, you can also use an offline OTP to log in to the user portal . Users must log in first in online mode before an offline OTP profile is created.

If your system administrator enabled the policy setting, OTPs are automatically configured when you enroll an Android or iOS device with the CyberArk Identity mobile app.

If you have an enrolled Android or iOS device, after you successfully authenticate to your cloud agent--enrolled machine, you can refresh the Passcodes section of the CyberArk Identity mobile app to automatically create an offline OTP code.

Your system administrator must enable these features before you can use them. Refer to Import OATH tokens in bulk and Enable OATH OTP for system administrator set up information.