Authentication by a linked app
When you log in and
2FA by linked app
has been enabled, you can use HighQ Drive or HighQ Stream on a mobile device to authenticate access to your site or instance.
The HighQ apps can be paired and used for two-factor authentication; and can either generate a passcode or a notification on your paired device to allow access. If notifications are used, it is possible to send the passcode directly to your browser and log in without typing the passcode.
2FA with HighQ apps can provide instance or site access:
Instance access
: If 2FA authentication is required to access the HighQ platform, use
HighQ Drive
or a third-party app.
Site access
: If 2FA authentication is required to access individual HighQ sites, use
HighQ Drive
only.
HighQ apps automatically detect if 'instance' or 'site-level' 2FA is used. For simplicity, HighQ Drive is recommended.
This describes pairing when
instance
or
site
-level 2FA is enabled and pairing is performed from a browser on your computer. If you only have a mobile device, you can
pair without a computer
.
If you have not yet logged in, open a web browser on a computer. You need to perform four steps:
Initiate log in through the browser.
Download and open the HighQ app and log in.
Receive an access request notification.
Redirect to the logged-in view in the browser.
Log in with the browser on your computer
Go to your instance address and enter your username and password:
If you do not have access to a computer see
Pairing without a computer
.
Enter the six-digit passcode sent to your email address:
Choose which authenticator app you wish to use; either HighQ Drive, or a
third-party 'other' app such as Google Authenticator:
You MUST keep this app on your device. You are required to use it each time you log in (unless you have chosen to
trust a device
).
Using third-party authentication apps
If you select
Other authenticator app
a QR code is displayed. Complete the process as described
here.
On the Log into HighQ app screen, if you have not installed
HighQ Drive
, open the app store for your device and download it.
Download, install and log in to the app (as described below) before you click Next.
If you have already installed the app, log out to clear data, then log in again as described below.
Logging in with instance- or site-level 2FA
Download and open
HighQ Drive
on your mobile device, then follow the instructions in the app:
The images below show the iOS and Android versions of the app.
Enter your instance domain:
Enter your username and password:
Enter the six-digit passcode sent to your email address:
If the app detects that 2FA is enabled at the instance level, it displays a request to use the app with your instance.
If your site uses site-level 2FA only, skip to
Site-level 2FA
.
The app automatically pairs your device with your instance.
Backup codes (instance-level 2FA only)
When the device and instance are paired, the app shows a list of backup codes. These are required should your device be lost or reset. Take a screenshot or print the screen; keep a copy or note in a safe place:
Tap
Continue
only after you have saved or noted your backup codes.
If required by your system admin, you may be asked to allow the app to access your account:
Tap
Allow
to finish the pairing process on your device.
2FA push notifications are automatically configured.
If sites on your instance do not use site-level 2FA, skip to '
Click Next on your desktop browser
'. Keep the app open on your device.
Each site on an instance can use site-level 2FA, either on its own or in addition to
instance-level 2FA
.
Note that HighQ Stream cannot configure site-level authentication.
Go to the
Browse
view in HighQ Drive and tap the 2FA-protected site you need to access:
A message informs you that access is restricted. Tap
Continue
to start the pairing process, then authorise the sign-in request.
In this example, access to the site is restricted using 2FA only; however other restrictions can be applied by the site admin (such as setting a restricted IP range, setting a password, and asking the user to accept terms and conditions). If this is the case, you must complete these steps to open the site.
A message asks you if you want to use the app for two-factor authentication; tap
Yes
to continue the process:
Continue to
Click Next on your desktop browser
. Keep the app open on your device.
Click next on your desktop browser
After you have paired the instance or site, the app displays a message directing you to click the
Next
button in your desktop browser:
Click
Next
, then return to your mobile device for the next step.
If you select
Next
on the browser page before the
Successful pairing
message is displayed on your mobile device, the push notification is not sent. If this happens, you can either complete the steps on your mobile device and reload the browser page to trigger the push notification OR use the app to generate a six-digit passcode and enter that into the browser page (see the section
Manually generate authentication passcodes
, below).
Receiving an access request or notification
After you select
Next
in the browser, you see a message on your device that asks you to authorise the sign-in request.
If you receive one of these notifications but you did not request it, tap
Deny
and inform your administrator.
If the HighQ app is still open and on your device's screen, you'll need to allow a request to authorise the sign-in.
If the HighQ app is open in the background, you'll get a notification to authorize the request (in iOS, long press on the notification to reveal the actions):
Tap
Allow
to automatically fill the passcode field in your browser and open the site.
As HighQ apps are paired to your instance, it is possible to send the passcode directly to your browser and log in without typing the passcode.
Redirecting to the logged-in view in the browser
The platform automatically logs in to your account on the desktop browser:
You can now
log in to Collaborate
with 2FA.
The configuration of your instance determines how frequently you are required to log in using 2FA. If 2FA is required, an authentication notification is sent to your paired device, requiring you to tap
Allow
to access your site or instance.
Pairing without a computer
If you want to pair a mobile device to your HighQ instance or site and do not have access to a browser or your computer, please follow these steps:
If it is not already installed, download HighQ Drive:
Download HighQ Drive from the Apple App Store or Google Play.
Alternatively, you can download HighQ Stream if your instance uses instance 2FA only.
Install and open the app.
Log in to the app:
Enter your HighQ instance domain (e.g. collaborate.yourcompany.com).
Enter your email address and password.
Enter the six-digit passcode sent to your email address.
Pair the app to use as an authenticator:
If you need to access a site that uses site 2FA, open the
Browse
view and tap on the site. Tap
Continue
.
Instance 2FA is detected automatically.
Tap on the in-app notification asking whether you would like to use this app for two-factor authentication.
If configured on your site or instance, take a note or screenshot of the backup codes and tap
Continue
.
If required: Tap
Allow
when asked if the HighQ app is allowed to access your account.
Optionally: Choose a six-digit app password to increase security.
At this point, your device is paired and you can receive notifications when two-factor authentication is required.
Logging in to HighQ after setting up 2FA
When you log in, you see a screen asking you to enter the six-digit code from your mobile authenticator app
or
tap
Allow
on a notification sent to your paired device:
If the HighQ app is used as an authenticator in the foreground, an in-app notification to authorise the sign-in request is displayed:
If the HighQ app used as an authenticator is in the background, a system notification to authorise the sign-in request is displayed:
Tap
Allow
to complete the authentication process and redirect the browser to your landing page:
As HighQ apps are paired to your instance, it is possible to send the passcode directly to your browser and log in without typing the passcode.