Two-factor authentication (2FA) adds an extra layer of security to your account. It requires users to provide two forms of authentication:
- Something you know (for example, username and password).
- Something you have (for example, a one-time password generated by an OTP app).
DigiCert requires a form of authentication that you know, depending on your sign-in method:
- Username and password: Enter your sign-in credentials.
- Client authentication certificate: Use the password for your client authentication certificate.
- Single Sign-On (SSO): Use your SSO credentials.
2FA requires a one-time password (OTP) generated by a mobile app that supports the Time-based One-Time Password (TOTP) protocol.
How OTPs work: Each OTP is valid for a short time, enhancing security by expiring quickly.
When 2FA applies: OTPs are required when signing in with:
- Username and Password
- Client Authentication Certificate
- SSO (with some exceptions; see SSO exceptions).
Tip
2FA cannot be disabled unless you contact Support to request an exception.
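To show why a TOTP code stops working shortly after it is generated, here is an added example (not DigiCert's code) of RFC 6238 code generation and server-side verification. The 30-second step, 6 digits, SHA-1, the one-step drift window and the replay check are assumptions rather than settings stated on this page; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30      # assumed time step in seconds (RFC 6238 default)
DIGITS = 6     # assumed code length
RFC_KEY = b"12345678901234567890"  # RFC 6238 Appendix B test key, never a real secret


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = STEP) -> str:
    """RFC 6238: the HOTP counter is the number of whole steps since the epoch."""
    return hotp(secret, int(now) // step)


def verify(secret, candidate, now, last_used_step=-1, step=STEP, drift=1):
    """Return the matched time step, or None if the code is wrong, expired or replayed.

    drift=1 accepts the previous, current and next step to tolerate clock skew.
    last_used_step is the step of the last accepted code for this account;
    anything at or before it is rejected so a captured code cannot be reused.
    """
    current = int(now) // step
    matched = None
    # Check every step in the window without an early exit.
    for s in range(max(0, current - drift), current + drift + 1):
        expected = hotp(secret, s).encode()
        if hmac.compare_digest(expected, candidate.encode()) and s > last_used_step:
            matched = s
    return matched


if __name__ == "__main__":
    t = 1111111111
    code = totp(RFC_KEY, t)
    print("code:", code)
    print("same step:", verify(RFC_KEY, code, t))
    print("90 s later:", verify(RFC_KEY, code, t + 90))
    print("replayed:", verify(RFC_KEY, code, t, last_used_step=t // STEP))
```
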
If you do not have an authenticator application yet, here are some popular options (most other apps that support TOTP will also work):
Authenticator | Publisher | Supported by Android | Supported by iPhone |
---|---|---|---|
Okta Verify | Okta, Inc. | Yes | Yes |
Google Authenticator | Google LLC | Yes | Yes |
FreeOTP Authenticator | Red Hat | Yes | Yes |
Twilio Authy | Authy, Inc. | Yes | Yes |
Microsoft Authenticator | Microsoft Corp. | Yes | Yes |
Duo Mobile | Duo Security LLC | Yes | Yes |
Note
These authenticators can be downloaded from Google Play on Android devices or the App Store on iOS devices.
When two-factor authentication is enabled:
SSO using SAML
You will be prompted to enter an OTP when signing in even if you have already provided an OTP to your identity provider (IdP).
SSO using OIDC
DigiCert will skip the OTP prompt if you have already provided an OTP to your IdP.