What is multi-factor authentication (MFA)?
MFA adds an extra layer of security to your sign in process. In addition to credentials (username and password), users are prompted to enter a verification code from an authenticator app or a one-time password (OTP) via email.
Why am I not asked for the second factor every time I sign in?
We use advanced risk-based MFA, which means the second factor is required only in certain high-risk situations. Risk-based MFA assesses various factors, such as user location, device, IP address, and login behavior, in real-time to determine the necessity for additional authentication steps. Here is more information about risk-based MFA.
Which authenticator app can I use?
We recommend Microsoft Authenticator. However, any other authenticator app will work as they all function similarly for generating codes.
How do I set up the authenticator app?
Download the authenticator app on your smartphone, then either scan the QR code or manually enter the provided key into the app.
Tip: For detailed instructions, refer to the article MFA - enable and manage.
What is the "Manual setup" option?
This option provides the manual setup link that displays your associated email address and the secret you can enter manually in the authenticator app.
How do I get a code if I can't scan the QR code?
Most authenticator apps support manual entry. Copy the setup key displayed on the screen and paste it into your app. See the previous question.
Can I change the name of the linked account in the authenticator app?
Yes, most popular authenticator apps allow you to change the name of the linked account. The default name is "Munich Re Group Federation", but you can change it to any other name.
What should I do if I cannot access my authenticator app (for example, I have misplaced my smartphone)?
You can temporarily switch to receiving the code by email instead.
What if I lose my phone or uninstall the app?
In this case, you can switch to receiving the code by email and contact our Customer Support team to reset the authenticator app. After that, you can relink your account with a new authenticator app.
What if I can't (or don't want to) install the authenticator app?
We offer alternative MFA methods, such as email-based one-time passwords. You can choose your preferred method when you sign in to the platform.
Can I get a recovery code for my authenticator app?
Some authenticator apps allow you to create backups or exports accounts. Check the documentation for your app and store any recovery codes in a safe place.
Do I need an internet connection on my phone to get the code?
Most authenticator apps generate time-based one-time passwords (TOTP) on your phone, so they don’t require an internet connection for code generation.
Why isn't my code working?
Ensure your phone's time and date settings are correct and confirm you entered the correct secret key. If issues persist, try removing and re-adding the account in the app.
How often does the code refresh?
Most authenticator apps generate a new 6-digit code every 30 seconds, ensuring that each code is time-limited.
What if I get locked out because I can't access my authenticator app?
If you're locked out, use your backup MFA method (like receiving an email code) or contact our Customer Support team. It's crucial to always have an alternative verification method set up.
Can I set up multiple devices with the same account?
In most cases, yes. You can scan the same QR code on multiple devices or add the same secret key. However, for security reasons, we recommend limiting the number of devices that have access to your MFA.
Do I need to reconfigure the app if I reset my phone or switch to a new one?
Yes, resetting or switching phones typically requires you to set up the authenticator app again. Be sure to have backup codes or an alternate MFA option before wiping or replacing your phone.
Why are my codes sometimes not valid when my phone's clock is off?
Authenticator codes are time-based. If your phone's time is inaccurate, the generated codes may not match the expected values from the server. Make sure your phone's clock is set to the correct time (sync it with an internet time server if possible).
If I'm using Single Sign-On (SSO) as a customer, do I still need MFA?
Not necessarily. Our platform doesn't mandate MFA for SSO provided by your identity provider (IDP). However, your IDP may have its own login policies and could require you to complete MFA on their side. If so, you'll need to follow your IDP's MFA process before accessing our service.
What is the "Auto setup on mobile devices" option?
This option provides a direct link that you can use on your smartphone if you can't scan the QR code. The link will open your authenticator app and automatically link your account. The link is in the format:
otpauth://totp/Munich%20Re%20Group%20Federation%20:<your email address>?secret=<your secret>=Munich Re Group Federation