Enable QR Code authentication

This topic describes how to enable authentication by scanning a Quick Response (QR) Code with an enrolled mobile device.

QR codes offer a secure and convenient authentication mechanism. After a user successfully scans the QR code, they proceed to the next challenge defined in the authentication profile. If they select QR Code as an authentication mechanism in the next challenge, the challenge is considered successful based on the previous QR Code scan and the user is logged in. If you did not define additional challenges in the authentication profile, the user is logged in. In addition, you can use QR Codes to enable users with enrolled mobile devices to bypass other authentication mechanisms. See Create authentication profiles for more information.

Users must have an enrolled iOS or Android device with version 20.7 or later of the CyberArk Identity mobile app application installed to successfully scan the QR code.
To enable QR Code authentication

  1. In the Identity Administration portal, go to Settings > Authentication > Security Settings, then select Enable QR code based user identification on login screen.

  2. Click Save.

    Users now have the option to scan a QR Code on the login screen.

    You can require user's to pass their device's native biometric authentication before scanning the QR code. Refer to mobile security settings for more information.

    The QR Code expires in one minute. Users need to refresh the page to generate another QR Code.

Authentication mechanisms

Create authentication profiles