The Enrollment Process
When starting the enrollment process, users will see the following screen after entering their username and password:
TOTP or Email?
Veracross supports two types of MFA: time-based one-time passcodes (TOTP) and email. They have very different user experiences.
Option 1: Time-based One-Time Passcode (TOTP) Workflow:
1. Users will need an authentication application to complete the enrollment. This is typically installed on their phone, but could also be desktop software. They'll need to use the app to scan the QR code. Once scanned, the app will provide a six-digit code that users will enter into the enrollment screen, then click "Verify". This is an example of scanning the QR code using the Authy app:
2. After entering the verification code, users will be prompted to write down a recovery code, then click "Continue" to finish logging in.
3. At this point, whenever users log in, they will be prompted to enter the six-digit code from their authentication application.
Users may also choose the "Remember me for 7 days" option, which will store a cookie in their browser so the next time they log in, we can skip the MFA challenge step. The cookie will expire after 7 days. Their device location is also checked, so that if they're logging in from another location (approximately 300 miles by IP geolocation), they will be asked for an MFA code regardless of their request to be remembered.
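The "Remember me" decision described above can be sketched as follows. This is an added example, not Veracross's own code: the record layout, the function names, the sample coordinates, and the choice to require MFA when the location cannot be resolved are all assumptions. Only the 7-day lifetime and the approximately 300-mile threshold come from this page.

```python
import math
from datetime import datetime, timedelta, timezone

REMEMBER_TTL = timedelta(days=7)   # from the page: cookie expires after 7 days
MAX_DISTANCE_MILES = 300.0         # from the page: approximately 300 miles
EARTH_RADIUS_MILES = 3958.8

# Constructed sample coordinates (lat, lon) standing in for IP geolocation results.
BOSTON = (42.36, -71.06)
NEW_YORK = (40.71, -74.01)
CHICAGO = (41.88, -87.63)


def haversine_miles(a, b):
    """Great-circle distance in miles between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))


def mfa_required(remembered, now, current_location):
    """Return (required, reason) for a login that already passed the password step.

    `remembered` is a hypothetical server-side record tied to the browser cookie:
    {"issued_at": datetime, "location": (lat, lon)}, or None if no valid cookie.
    """
    if remembered is None:
        return True, "no remembered device"
    if now - remembered["issued_at"] >= REMEMBER_TTL:
        return True, "remember-me expired"
    if current_location is None:
        # Assumption: fail closed when the IP cannot be geolocated.
        return True, "location unknown"
    if haversine_miles(remembered["location"], current_location) > MAX_DISTANCE_MILES:
        return True, "location changed"
    return False, "remembered device"


if __name__ == "__main__":
    issued = datetime(2024, 1, 1, tzinfo=timezone.utc)
    record = {"issued_at": issued, "location": BOSTON}
    for place in (NEW_YORK, CHICAGO):
        print(mfa_required(record, issued + timedelta(days=3), place))
```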
Option 2: Email
1. Upon clicking the "Send Email..." button on the MFA option screen, the user will then receive an email from Veracross with a six-digit one-time verification code. The user must then enter that code into the Veracross screen.
Users may also choose the "Remember me for 7 days" option, which will store a cookie in their browser so the next time they log in, we can skip the MFA challenge step. The cookie will expire after 7 days.