OneLogin Protect for iOS is a mobile authenticator app that provides a one-time-password (OTP) as a second authentication factor. It is designed for iOS 11.0 and above.
How it works
OneLogin Protect paired with OneLogin delivers a one-time password through push notifications, which makes the authentication process simple and easy.
Log in to your OneLogin account.
The login screen notifies you that it's waiting for a one-time password.
OneLogin sends a notification to your device. Tap the notification, select Accept and OneLogin automatically sends the OTP and logs you in.
Set up OneLogin Protect from the login prompt
If your organization requires you to use 2-factor authentication (2FA) and has enabled OneLogin Protect as an authentication method, you are prompted to set up OneLogin Protect the first time you log in to OneLogin.
On your mobile device, launch the App Store, search for OneLogin Protect, install and launch it.
On a separate device, log in to OneLogin.
A prompt appears. Select OneLogin Protect.
A QR code appears. Scan the code from your mobile device for setup, keep it open in your browser while you install OneLogin Protect.
If you can't scan the code, click Can't scan the code? and you're provided with a numeric code to enter instead.If your administrator requires you to secure your iPhone or iPad when you use OneLogin Protect, and you didn't enable the Passcode feature (or Passcode + TouchID), you're prompted to set up a passcode. After you enable Passcode, return to OneLogin Protect to continue setup.
To add an account from the OneLogin Protect app welcome screen, click the + in the upper right corner.
If you're prompted to permit OneLogin Protect to use your camera, click OK.
From the Scan Activation Barcode screen, use your iOS device camera to scan the QR code. The box turns green once it's successfully paired (registered) to your OneLogin account.
If the code doesn't scan for you, click Enter the code instead in the app, and in your browser click on Can't scan the code? to receive a registration code.
The OneLogin Protect home screen appears with the account you configured. To copy the OTP to your clipboard, tap the row. Use a long press to view the credential ID and other information used during pairing.
If you are prompted to Enable Push Notifications, click Enable.
OneLogin Protect appears in your Portal Profile page under the 2-Factor Authentication section.
Set up OneLogin Protect from a smartphone
Log into your OneLogin account. A prompt indicates that 2-factor authentication is required. Click Continue.
Select OneLogin Protect from the list of available factors.
Follow the instructions to download OneLogin Protect. Once the app is installed, go back to the browser and click Activate. Your account appears in OneLogin Protect.
Set up OneLogin Protect from your portal's profile page
In your Portal, open the user profile menu. Click Profile.
Click the plus sign + next to 2-Factor Authentication, which launches a dialog. Select OneLogin Protect and your device type.
Follow steps 4-9 from the previous section, Set Up OneLogin Protect from the Login Prompt to scan the code and register your device.
FaceID/TouchID Authentication
Your administrator may require your organization's users to enable biometric authentication to access OneLogin Protect. If your device prompts you to enable biometric authentication, tap "Sign in with FaceID" (or TouchID on iPhone 8 and below) and follow the on-screen prompts to enable OneLogin Protect to authenticate your identity with iOS biometrics.
Backup and restore your accounts
Protect can back up and restore accounts across any device or operating system.
To back up your Protect accounts:
Launch Protect on your smartphone and swipe right to view the menu.
Tap Backup.
On the next screen, tap Backup Now.
You're sent a confirmation that your account data was successfully backed up.
Note: the loss of your QR code or master password will render your backup data inaccessible. If this occurs, the end user will need to use a different email and master password to create a new backup copy.
We strongly encourage all users to update to the newest version of OneLogin Protect. If you're using an older version, below are the steps to restore your Protect accounts:
Log in to Protect and swipe right to view the menu.
Tap Restore.
In the viewer that appears, scan the QR code from your saved Recovery Kit, or enter the digits from the security key instead.
Enter the email and master password you created in the Backup steps (above). Your previously saved accounts will appear.
Important note: on older versions of OneLogin Protect, backup and restore functionality requires an active and configured Google Drive account on the mobile device. We are currently awaiting approval on the "Sign in with Google" permission for our iOS app to resume the ability to sign into a Google Drive account, if no pre-configured account exist. If you don't have a pre-configured Google Drive account on your mobile device, you will not be able to sign into one until the permission approval process completes.
Unpair your device
To unpair your device, go to the Profile page. Under 2-Factor Authentication, find the OneLogin Protect row and click Revoke.
Troubleshooting
I got a new or replacement device, did not backup, and can't log in.
Please contact your administrator so that they can manually revoke your old device. Once the old device is removed from your account, you can register your new or replacement device.
If you know you will be getting a new device, unpair and revoke your old device from your Profile page and then register your new device.
I can't scan the barcode.
Make sure OneLogin Protect can access your camera. From the app, open the hamburger menu and click Settings. Make sure the camera toggle is on.
I don't see notifications on my phone or tablet.
Make sure OneLogin Protect notifications are set up. From the app, open the hamburger menu and click Settings. Turn on the Allow Notifications.
Note: Apple Watch notifications are also managed by your iPhone settings and not by the OneLogin Protect settings section. Any functionality that OneLogin Protect provides your Apple Watch is native to the Apple platform and not officially supported by OneLogin.
If your administrator requires biometric verification to log in, the notification that arrives on your Apple Watch will need to be confirmed with a device that uses biometrics.
Push notifications don't work.
The push notification connection may take up to a few hours to complete. In the meantime, you can use a manual code entry if you do not receive a push notification. You may also try again with a new code (new codes are generated every 30 seconds). If it still fails, contact your administrator because there may be a network issue.
If your phone isn't on a network connection but your laptop is, manually enter the OTP into your browser.