> For the complete documentation index, see [llms.txt](https://ztrust.gitbook.io/ztrust-documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ztrust.gitbook.io/ztrust-documentation/user-manual-ztrust-v4.1/4.-admin-manual/4.14-ztrust-authenticator.md).

# 4.14 ZTrust Authenticator

## 1. Introduction <a href="#id-1.-introduction" id="id-1.-introduction"></a>

The ZTrust Authenticator is a secure mobile application designed to offer different single factor as well as two-factor authentication (2FA) options, including Time-Based One-Time Passwords (TOTP), QR code scanning, Push notifications, and NFC-based authentication. These features provide additional layers of security for your accounts beyond passwords. These features provide different types of methods for user authentication.

## 2. System Requirements <a href="#id-2.-system-requirements" id="id-2.-system-requirements"></a>

* Operating System: Android 10 or later and iOS 13 or later
* Internet Access: Required for account setup, push notifications, and syncing
* Storage: 200 MB minimum
* Permissions:
  * Camera: For QR code scanning
  * NFC: For NFC-based authentication (NFC-enabled device)
  * Internet: For push notification (Allow Notification permission)

## 3. Installation <a href="#id-3.-installation" id="id-3.-installation"></a>

* Go to [PlayStore](https://play.google.com/store/apps/details?id=com.prodevans.ZTrust):&#x20;

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdOfCS7WsNdZw9E0PbpeEIJqUE-eorwnnPe_Vvn8J5vorZj7pi4ooICFS1XgShvVVS0wM0BazuQQ3BnQtoEPT35LSg5aFSlbP9nC30wsx_f2R732uFkTyBpShxto2UUX10TIeq3aQ?key=H1CBi0glPVUPOPXlkXmCEQ" alt="" width="188"><figcaption><p>Fig 4.13.a: ZTrust authenticator on play store</p></figcaption></figure>

* Go to [App Store](https://apps.apple.com/in/app/ztrust/id6739931418):&#x20;

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdlaDMnrg8CvhTyFNvtKis-K7fSP0d3anldpjEVfsiNrI6tSw8EkQNlrAMpHe7f3xbgXpp2Yv2uMXE5hzEblxZC0Pq7idIibevNFsF5bprNTEkg_YqGA2JtSIVswhHaBxGQsiAb?key=H1CBi0glPVUPOPXlkXmCEQ" alt="" width="188"><figcaption><p>Fig 4.13.b: ZTrust authenticator on app store</p></figcaption></figure>

* Now install the application and start the initial setup.

{% hint style="warning" %}
**Prerequisite:**  RabbitMQ configuration is mandatory. Please ensure [RabbitMQ](/ztrust-documentation/user-manual-ztrust-v4.2/4.-admin-manual/4.6-rabbitmq-configuration.md) is properly set up before using the ZTrust Authenticator.
{% endhint %}

## 4. Getting started <a href="#id-4.-getting-started" id="id-4.-getting-started"></a>

ZTrust Authenticator allows users to securely add their accounts using the following methods:

* ZTrust SSO Login
* Self-Service Portal

Each method uses a simple QR code scan and secure confirmation process to onboard your device.

#### **4.1. Enforce the user to set up an authenticator while logging in or registering.**

**Prerequisites**

* Initial setup required; enable the required action in ZTrust SSO to trigger device registration and onboarding. Steps as follows:

  * Log in to the ZTrust Admin Console and select the realm where you want to enable Device Registration.

    <figure><img src="/files/V1aB992DsdJVmWFcS0N1" alt=""><figcaption><p>Fig 4.13.c: Welcome demo realm</p></figcaption></figure>
  * &#x20;Then, on left side under the configuration section, select Authentication tab in bar.

    <figure><img src="/files/2xUcpT0SjB3pmn41NM14" alt=""><figcaption><p>Fig 4.13.d: Authentication section in sidebar</p></figcaption></figure>
  * There you will see three tabs, like Flows, Required actions and Policies. Select Required on tab. &#x20;

    <figure><img src="/files/REtP3R68JdV3bHbHobWW" alt=""><figcaption><p>Fig 4.13.e: Required actions in authentication section</p></figcaption></figure>
  * Here, you will see three headings: **Action**, **Enabled**, and **Set as Default Action**
    * **Action**: Represents the types of required actions available in ZTrust.&#x20;
    * **Enabled**: Indicates whether the action is active and ready to use. Once enabled, the admin can assign it to specific users. However, for device registration, it should be enabled for all users at the time of registration.
    * **Set as Default Action**: When turned on, the selected required action becomes mandatory for the realm. This means that whenever users register, they must complete this action in addition to filling out the registration form.

      <figure><img src="/files/5EuT0JZVd44l77uuvMep" alt=""><figcaption><p>Fig 4.13.f: Options in required action tab</p></figcaption></figure>
  * Now, enable the Authenticator Application Setup by turning on both *Enabled* and *Set as Default Action*.

    <figure><img src="/files/nvOfo1uH4vD73dpOEIl5" alt=""><figcaption><p>Fig 4.13.g: Turn on Authenticator Application setup</p></figcaption></figure>
  * Now that it is enabled as a default required action, any user who registers through the ZTrust registration page will also be prompted to complete the device registration setup.

  <div data-gb-custom-block data-tag="hint" data-style="warning" class="hint hint-warning"><p><strong>Note:</strong> If, for any reason, device registration is not completed but you have already submitted the registration form, you can still log in using your email/username and password. Upon login, you will be prompted again to complete the pending device registration action.</p><p>If you attempt to start the registration process from the beginning, you will receive an error stating that your email already exists.</p></div>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://ztrust.gitbook.io/ztrust-documentation/user-manual-ztrust-v4.1/4.-admin-manual/4.14-ztrust-authenticator.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
