Skip to main content

Passwordless Login

Passwordless Login Using BlockID Mobile App

The login page presents a QR code when Passwordless Login Using BlockID Mobile App is enabled. Users can authenticate by scanning the QR code from the BlockID Mobile App using a device that has been linked, or by requesting a push notification on the linked device.

  • To enable or disable Passwordless Authentication, login to AdminX as a tenant or community administrator.

  • From the left-hand menu, click Authentication -> Passwordless Login.

  • Toggle the Passwordless Login Using BlockID Mobile App switch to turn passwordless login on or off

Click anywhere in the box to expand the menu and see the different configuration options.

Login Options

Administrators can configure which passwordless login methods to enable and make available to users:

Scan QR Code Using BlockID App

Users are presented with a QR Code. To log in, users scan the QR code and authenticate the login request using the BlockID Mobile App.

Please visit Logging in to the AdminX Panel Using QR Codes for more details on logging in using QR codes.

Push Notification using BlockID App

Users enter their username and then select Send Push to initiate a push notification on their linked mobile device. After confirming the push notification, users verify their identity using their linked biometrics.

Users can switch between QR Code and Username login methods by clicking Username or QR Code near the top of the page.

Please visit Login with Push Authentication for more details on logging in using Push Notifications.

Authentication Factors for Mobile App

tip

The primary and secondary authentication factors apply to both passwordless login methods: BlockID Mobile App and Push Notification Login

This section also allows administrators to configure the primary and fallback authentication factors for their login experience. Users are asked to approve the login request after scanning the QR code or accepting a push notification. Approving the request will trigger the primary authentication method, followed by the fallback authentication method, if the primary method fails or is not supported by the device.

  • Primary Authentication Factor: The multi-factor authentication methods are to be completed by users after scanning their QR code or accepting a push notification on their mobile device.

  • Fallback Authentication Factor: The fallback authentication factors are the same methods as the primary factors but will only be used if the primary factors fail or are not supported by the user's device.

Primary and Secondary Authentication Factors

Face ID / Touch ID

This is the default MFA factor. Users authenticate their login using their enrolled biometrics, such as their fingerprint or Face ID.

PIN

Users authenticate their login by entering their 8-digit PIN. The PIN factor should be used if devices with biometric scanners or cameras are not allowed per company policy or on older devices where these features are otherwise unavailable.

Live ID

Users authenticate their login by using facial gestures and head movements.

If your users still need to do so, they can enroll themselves in Live ID in the BlockID Mobile Application by opening the app menu and navigating to My Identity -> Live ID and completing the enrollment process at any time.

Device Onboarding Preferences

In this section, administrators can define preferences for how users can onboard their mobile devices and FIDO authenticators. Administrators can set whether users can self-onboard devices from the Request an Invite or the My Profile page in AdminX.

Allow Users to Self-Onboard Devices using Email Invitations

Users can onboard a device using the Request an Invite link from the AdminX sign-in page when enabled. Users will receive an invite link to their registered email address. Users are instructed to open the included link on their mobile device to complete the device onboarding process.

Allow Users to Self-Onboard Devices from the User's Profile Page

When enabled, users can link their mobile device directly from their profile page in AdminX. Users scan the presented QR code using the BlockID Mobile Application on the mobile device they wish to link. After completing the process, the user's mobile device is connected to their account and can be used for passwordless authentication.

After logging in to AdminX, click My Devices to view the devices linked to your account.

Click Setup -> Smartphone.

Scan the displayed QR code using the BlockID Mobile App to link the device to your account.

Device Linking Preferences

Set preferences for how many devices their users can link to an account and allow or disallow multiple user accounts on a single device.

Max number of Devices Linked to an Account

Enter the maximum number of devices a user can enroll using the provided box. For example, if you wish to allow users to enroll up to 15 different devices, enter 15 in the provided box.

Are Users Allowed to Enroll New Devices After Max Number of Devices are Enrolled?

Choose whether to Allow or Reject device onboarding requests once the above maximum number of devices has been reached on the user's account.

  • Yes, Cleanup Oldest Device: Users are able to enroll new devices, but the user's oldest linked device is removed.
  • No, Reject New Devices: Users are unable to enroll new devices when max number of devices is reached.

Max Number of Accounts Onboarded on Single Device

Enter the number of accounts from a single community that can be onboarded on a single device in the provided box.

This setting can be useful in certain situations. For example, some users might require multiple accounts, such as having a basic user account for typical activities and a helpdesk administrator account for troubleshooting problems.

Please be sure to save your preferences by clicking Save near the bottom of the page.