This guide shows you how to enable 2‑factor authentication (2FA) in our SSO Portal using a time‑based one‑time password (TOTP) authenticator app.
Requirements
- Your standard username and password.
- A TOTP authenticator app installed on your phone or desktop, such as:
- Microsoft Authenticator (NPG Preferred), Google Authenticator, 1Password, Bitwarden, Authy, or Duo Mobile.
- Approval to use an authenticator app if you’re on a company‑managed device.
Tip: If your authenticator app supports account backup or sync, enable it before switching phones in the future.
Quick Start (Approx. 2 Minutes)
- Sign in to the SSO Portal Account Management page. https://login.npgco.com/auth/realms/npgco/account/#/account-security/signing-in
- Click Set up authenticator application.
- In your Microsoft authenticator app, press + in the upper right of the screen
- Choose Other account (Google, Facebook, etc.) and scan the QR displayed.
- A 6‑digit code will appear and refresh every 30 seconds.
- Enter this 6‑digit code into the form and click Submit.
That’s it—OTP is now enabled. At your next login, you’ll be prompted for the 6‑digit code.
Step‑by‑Step Instructions
1. Open Account Management
- Open this link in your web browser: https://login.npgco.com/auth/realms/npgco/account/#/account-security/signing-in
- Sign in with your username and password if asked.
3. Begin Setup
- Click Set up authenticator application.
- A QR code and a Secret key (text backup) will appear.
4. Add to Your Authenticator App (Microsoft Authenticator)
- Open the Microsoft Authenticator app
- In the upper right of your phone screen, tap +.
- Choose Other account (Google, Facebook, etc.)
- With the camera, scan the QR code
5. Verify and Enable
- A new MFA entry will be created NPG / BERKS with your username.
- Choose NPG / BERKS
- The app will show a rotating 6‑digit code.
- Enter the current code into the form on the SSO Portal
- Device name is optional
- Press Submit when finished.
- You should see a success message, and your authenticator will be listed as Configured, with the option to Delete.
6. Complete
- You may now close the browser window. MFA is now set up for your account.
After Enabling OTP
- At sign‑in: You’ll enter your username and password, then provide the 6‑digit code.
Managing Your Authenticator
- Replacing your phone:
- If possible, use this process on your new phone, before wiping the old one. Otherwise, you will need to contact IT to remove your old phone and set your account to require registration of a new device.
- Verify the new device generates valid codes.
- Remove the old device in Account Management → Security → Authenticator.
- If you no longer have your old phone and cannot log in, use Recovery codes or contact the Service Desk.
- Removing or resetting your authenticator:
- Go to Security → Authenticator and select Delete. You may be asked for a code. If you cannot provide one, contact support.
- Multiple devices: You may register more than one authenticator app for redundancy.
Comments
Article is closed for comments.