
Learn more about 2FA

Two-factor authentication (2FA) adds an extra layer of security to your account. It requires users to provide two forms of authentication:

  1. Something you know (for example, username and password).

  2. Something you have (for example, a one-time password generated by an OTP app).

How does it work?

Something you know

DigiCert requires a form of authentication that you know, depending on your sign-in method:

  • Username and password: Enter your sign-in credentials.

  • Client authentication certificate: Use the password for your client authentication certificate.

  • Single Sign-On (SSO): Use your SSO credentials.

Something you have

2FA requires a one-time password (OTP) generated by a mobile app that supports the Time-based One-Time Password (TOTP) protocol.

  • How OTPs work: Each OTP is valid for a short time, enhancing security by expiring quickly.

  • When 2FA applies: OTPs are required when signing in with:

    • Username and Password

    • Client Authentication Certificate

    • SSO (with some exceptions; see SSO exceptions).

Tip

2FA cannot be disabled unless you contact Support to request an exception.

Commonly used authenticator applications

If you do not have an authenticator application yet, here are some popular options. Most other apps that support TOTP will also work:

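| Authenticator           | Publisher        | Supported by Android | Supported by iPhone |
|-------------------------|------------------|----------------------|---------------------|
| Okta Verify             | Okta, Inc.       | Yes                  | Yes                 |
| Google Authenticator    | Google LLC       | Yes                  | Yes                 |
| FreeOTP Authenticator   | Red Hat          | Yes                  | Yes                 |
| Twilio Authy            | Authy, Inc.      | Yes                  | Yes                 |
| Microsoft Authenticator | Microsoft Corp.  | Yes                  | Yes                 |
| Duo Mobile              | Duo Security LLC | Yes                  | Yes                 |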

Note

These authenticators can be downloaded from Google Play on Android devices or the App Store on iOS devices.

Two-factor authentication and SSO

When two-factor authentication is enabled:

  • SSO using SAML

    You will be prompted to enter an OTP when signing in even if you have already provided an OTP to your identity provider (IdP).

  • SSO using OIDC

    DigiCert will skip the OTP prompt if you have already provided an OTP to your IdP.
