> For the complete documentation index, see [llms.txt](https://ztrust.gitbook.io/ztrust-documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ztrust.gitbook.io/ztrust-documentation/user-manual-ztrust-v4.1/4.-admin-manual/4.14-ztrust-authenticator/4.14.2-authentication-methods.md).

# 4.14.2 Authentication methods

* Push notification–based login&#x20;
* QR code–based login
* &#x20;TOTP
* NFC-based login

1. **Push Notification-based login**\
   ZTrust uses push authentication to verify user identity by sending login requests to a trusted mobile device. Users can approve or deny access with a single tap, offering both convenience and strong protection against unauthorised access.
   1. After a successful login, select your account. You will be redirected to the profile page, where all features are available. To make your device the primary one, enable the toggle button.

      <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdSQilBoIPEADvVTwtJPO8aZocSvc3Gvjix0Y44dlBHS_YCoHmprp_O-MgQ53nEgOBM4f9-pf3N_q8DzpyVJuyfFE_BZT_g6PJbiX7Ja0710H29BLVzznGsTcI9GSJtI-O0txa81Q?key=H1CBi0glPVUPOPXlkXmCEQ" alt="" width="188"><figcaption><p>Fig 4.13.2.a: Home page of authenticator</p></figcaption></figure>
   2. Login Process
      1. Visit the application URL where you want to log in.

         <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXccOn-vmfpU96UGgaNL9wvZWPbenXXVNMTk2ZMH32CCoyKsPmHpXNsBVaO1_G4BJw2MBYHwm3B3j2VrJfLCwzxTuwLQVgRPXnNqJAaqgLZhEjBzB8EzDIlRoAtuntuyAiADBZPggQ?key=H1CBi0glPVUPOPXlkXmCEQ" alt=""><figcaption><p>Fig 4.13.2.b: Login Page</p></figcaption></figure>

      2. Below the Login button, click on **“Try Another Way”**. After clicking, you will be redirected to a page that displays all available login methods.

         <figure><img src="/files/7eQOEy5vRlpsy9dw2w00" alt=""><figcaption><p>Fig 4.13.2.c: Select authentication method</p></figcaption></figure>

      3. From the list of available login methods, select **Push Notification**.

         <figure><img src="/files/uAyT8wB7njPCrHojxEIh" alt=""><figcaption><p>Fig 4.13.2.d: Username page </p></figcaption></figure>

      4. Enter your username and click the **Log In** button. A push notification will be sent to your registered mobile device.

         <figure><img src="/files/95sw99dK0G0W20MtPkqJ" alt=""><figcaption><p>Fig 4.13.2.e: Submitted the username form for Push</p></figcaption></figure>

      5. Open the **ZTrust Authenticator** app on your registered device. You will receive a login notification.

         <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfENrKD6-ab-qAPC-K25zznw3D-qYqRpQ338yuaBYOiIXglBP0lcnD1i77tWz_x68s6oFskY69TWwCOxWKLk7iFxbcyrDFdMfemBWspBECUPtCkZTOuiHlQFJ8BZ8ZtPfjefGaGrA?key=H1CBi0glPVUPOPXlkXmCEQ" alt="" width="188"><figcaption><p>Fig 4.13.2.f: Push notification in authenticator</p></figcaption></figure>

      6. When the user taps **Accept** in the ZTrust Authenticator app, the request is securely confirmed and the response is sent back to **ZTrust SSO**. The login is then completed in the browser.

         <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXcgKCOT_eHSnFZGX72xeYxdNdcTad7NLFri0S3uzvsC10RckuTuSGQcp3euLkVeL4MqZZ1Gob2qcJOLcaXI1DCnKbty65c8-dqhnfJJkVCPiVd_LP5BcCoiAyaMxxazMRl8Jtl1uQ?key=H1CBi0glPVUPOPXlkXmCEQ" alt=""><figcaption><p>Fig 4.13.2.g: Self service portal</p></figcaption></figure>

      7. The user has now successfully logged in using push notification.

2. **QR code–based login**\
   ZTrust enables secure login through QR code authentication, where users scan a unique code with their registered device to verify identity. This ensures fast, phishing-resistant, and seamless access.
   1. Login Process
      1. Visit the application URL where you want to log in.

         <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXccOn-vmfpU96UGgaNL9wvZWPbenXXVNMTk2ZMH32CCoyKsPmHpXNsBVaO1_G4BJw2MBYHwm3B3j2VrJfLCwzxTuwLQVgRPXnNqJAaqgLZhEjBzB8EzDIlRoAtuntuyAiADBZPggQ?key=H1CBi0glPVUPOPXlkXmCEQ" alt=""><figcaption><p>Fig 4.13.2.h: Login Page</p></figcaption></figure>
      2. Below the Login button, click on **“Try Another Way”**. After clicking, you will be redirected to a page that displays all available login methods.

         <figure><img src="/files/I7tEj1iipB4f6bYeDC3A" alt=""><figcaption><p>Fig 4.13.2.i: Select authentication method</p></figcaption></figure>
      3. From the list of login methods, select **QR Code Authentication**. A QR code will be displayed on the screen.

         <figure><img src="/files/2IpOJwuorAVxNF2Whj1j" alt=""><figcaption><p>Fig 4.13.2.j: QR login page</p></figcaption></figure>
      4. Open the ZTrust Authenticator app and, from the Profile page, selects *QR Code Authentication*. The app then launches the QR scanner

         <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdgM2ZdLAJ5qQRJLufSS5qjAzLZmNcp15oz1wb3Z4iK0fskbgAo_SycnwW6plvlR_324jUTW0V_M_g9W-Z6hLq2H2cE0X8VwNKdt0oeG0F2HhsgS56c-5KUrOYehT6q_k0XgxTE?key=H1CBi0glPVUPOPXlkXmCEQ" alt="" width="188"><figcaption><p>Fig 4.13.2.k: Scanner of ZTrust authenticator</p></figcaption></figure>
      5. After successfully scanning the QR code, the app will prompt you to either **Accept** or **Deny** the login request.&#x20;

         <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdVRJG3hFqBjwi53tqaPbHAgtA5B-Usm2KiOj394UYwbEu49lE1lcdD5czKq9YEr4GU-Nb21cnY_2lqbtrCqrwhWTYmdvcHr-n_2H0HxNVOdlg9CUMobZQVn3vkAMenvGoB6ILuEA?key=H1CBi0glPVUPOPXlkXmCEQ" alt="" width="188"><figcaption><p>Fig 4.13.2.l: Confirm to login</p></figcaption></figure>
      6. If you tap **Accept**, the login will be confirmed and you will be successfully logged in the browser.

         <figure><img src="/files/QCENXOZ9iAOFtkVBexzW" alt=""><figcaption><p>Fig 4.13.2.m: Self service portal</p></figcaption></figure>
      7. The user has now successfully logged in using **QR code–based login** .

3. **Time-Based One-Time Password (TOTP)**\
   ZTrust supports Time-based One-Time Password (TOTP) authentication, where users enter a short-lived code generated on their registered authenticator app. This adds an extra layer of security with simple, offline verification.
   1. **Login Process**
      1. Visit the application URL where you want to log in.

         <figure><img src="/files/WYSMw0cgZWAi1MHfIaJu" alt=""><figcaption><p>Fig 4.13.2.n: Login page</p></figcaption></figure>
      2. Below the Login button, click on **“Try Another Way”**. After clicking, you will be redirected to a page that displays all available login methods.

         <figure><img src="/files/mIGm5aa5A8b4esyM2c3P" alt=""><figcaption><p>Fig 4.13.2.o: Select authentication method</p></figcaption></figure>
      3. From the list of login methods, select **TOTP (Time-Based One-Time Password)**. A username entry form will appear.

         <figure><img src="/files/YH9Abxr3nqBFSg2hdO1s" alt=""><figcaption><p>Fig 4.13.2.p: Username form for TOTP</p></figcaption></figure>
      4. After entering your username, ZTrust will verify it and then display the **TOTP page**.

         <figure><img src="/files/nroMQlk4056IaMQyiaDj" alt=""><figcaption><p>Fig 4.13.2.q: Confirm TOTP </p></figcaption></figure>
      5. Open the **ZTrust Authenticator** app and go to the **Profile** page. Select **One-Time Passcode**. The app will display a 6-digit TOTP (Time-Based One-Time Password), which refreshes every 30 seconds.

         <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXd-iYpdf19X3oPSeA26qE4rp-iOF19E1Nceu_WEUvyhTHPbeEVmNUF-tjTUdcSgfEFAhumFAXM2Nd3nd0r6Ra4a_N7mOeLy1pCxeSPJToQ-j7Mza2Lc42omZpxet1-06XNauJoIfQ?key=H1CBi0glPVUPOPXlkXmCEQ" alt="" width="188"><figcaption><p>Fig 4.13.2.r: Home page of authenticator, TOTP</p></figcaption></figure>
      6. Enter the 6-digit TOTP into the field on the browser page and click **Submit**. You will then be successfully logged in.

         <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdG_ptcv6tursHYVfzK0oyHqRVzEhLFwOXmVF18HXN4r7uJPsf_BA4TBx2uH9ZE0ztvru5Bv_NRlTupn-ksVuRtXqarrd_bX_xikMk1JXPtnx0eMjlKFXNwABEwSbse1sxtiqDoOw?key=H1CBi0glPVUPOPXlkXmCEQ" alt=""><figcaption><p>Fig 4.13.2.s: Self service portal</p></figcaption></figure>
      7. The user has now successfully logged in using **Time-Based One-Time Password (TOTP).**

4. **NFC-Based Login**\
   With NFC-based authentication, ZTrust allows users to authenticate by simply tapping their trusted device or card near an NFC reader. This provides a quick, contactless, and secure login experience.
   1. Prerequisites
      1. An **RFAID card** registered with your account.
         1. To register your card, please contact your **administrator**.
         2. A **device** that supports **NFC-based authentication.**
   2. **Login Process**
      1. Visit the application URL where you want to log in.

         <figure><img src="/files/y8X4eX8RM6PBxMft4xLn" alt=""><figcaption><p>Fig 4.13.3.t: Login page</p></figcaption></figure>

      2. Below the Login button, click on **“Try Another Way”**. After clicking, you will be redirected to a page that displays all available login methods.

         <figure><img src="/files/6iYVd0ENEDQt5mMjLGOc" alt=""><figcaption><p>Fig 4.13.2.u: Select Authenticator method </p></figcaption></figure>

      3. From the list of login methods, select NFC option. A username entry form will appear.

         <figure><img src="/files/CUgi8sJjDVtJONj8u4qG" alt=""><figcaption><p>Fig 4.13.2.v: User name form for NFC</p></figcaption></figure>

      4. Enter your **username** and click the **Log In** button. A **notification pop-up** will be sent to your registered mobile device.

         <figure><img src="/files/MsynF92oWAhQt6QRhIAA" alt=""><figcaption><p>Fig 4.13.2.w: Username form submitted for NFC </p></figcaption></figure>

      5. Open the **ZTrust Authenticator app** and navigate to the **Profile page**. A **notification** will appear in the app. The app will then display an **NFC prompt**, asking you to **tap your NFC card**.

         <figure><img src="/files/HHVJyUPjoRkcaerVRnuf" alt="" width="128"><figcaption><p>Fig 4.13.2.x: NFC request received</p></figcaption></figure>

      6. The user taps the **registered RFAID card** on the phone. Once the NFC card is successfully read, the **authentication process continues**.The **ZTrust mobile app** securely verifies the NFC card. The **authentication response** is sent back to **ZTrust SSO**. If the response is correct, the **authentication is successful**.<br>

         <figure><img src="https://chat.google.com/u/0/api/get_attachment_url?url_type=FIFE_URL&#x26;content_type=image%2Fpng&#x26;attachment_token=AOo0EEVssGpCOnEzl3ASqBoyTl4z%2F8oZQm37VVPvlIlVKuh12csLpfXKzMYSjWDqrtRdUvGhJs83hrYU83%2BmSFBmzxugXdZOMHaOU5Ml97yR3bXmRcFwOxi5b0gD5KpW1hhc%2BQxG5%2BcV2EE1%2Fzv95DTOqkbFJ2tAEJoAUUO480E0tSVGsNsTVIdQrD%2FVKdQkzD%2BauESMsKpTuNtyIgbJ%2FyxhYocMVemLfS3%2FV15%2Bjxz9uQz9S2H%2BMsAUn%2ByIyWH5bEs10iEfD4%2B%2BLiES6gvSBa1fLz6s6Yk1roz6ePLWnKiP8xlThGRcnpmvJN4%2Bin00b5J%2BYG7%2F4IJSiP24YJb8%2BNlY2MvbkpTTNNENQa7BMGHz3GTRnH8wnMBJv0veWEvoxozLuEVSQcHDbHh5EyqgSlROGB%2F0CDV7wUJ9yJydTIP0UuzicuZiPtYdmudFBqSnwEonvxnVFIOzs4pVTpmvXui8v4eiNWfqwgoQcORnSZRIIkHkXKPzgJOm%2FHVoGWEj60Zrw%2BAxDdkJ4gLqTtHlBemtykxd4KxyO2kKZF51yyNc2uHeDJMW9IDIhtw5hT5BR0sD&#x26;allow_caching=true&#x26;sz=w512" alt=""><figcaption><p>Fig 4.13.2.y: Self service portal</p></figcaption></figure>

      7. The user has now successfully logged in using NFC Base&#x64;**.**

5. ## Conclusion

The **ZTrust Authenticator app** supports multiple authentication methods — **Push**, **QR Code**, **TOTP**, and **NFC**. These methods together deliver an authentication experience that is **highly secure**, **lightning fast**, and **seamless** for users.
