Skip to content

Multi-factor authentication types

Trimble Identity currently supports the below second-factor authentication types.

  • Passkeys
  • Secondary email
  • Time-based One-time Password (TOTP)

amr claim

Trimble Identity will return mfa in the amr claim of the JWT if MFA was used during sign in. AMR means Authentication Method Reference.

Passkeys

Passkeys are multi-factor authentication by design. With passkeys, you can sign in with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, eliminating the need to remember or manage passwords.

Secondary email

To configure this MFA method, users provide a secondary email and select Next. A verification code is sent to this secondary email. Once the user enters the verification code on the setup page, the process is completed.

 

One-time password

When a user turns on MFA, the default second-factor authentication will be verification code from a Time-based One-Time Password (TOTP) authenticator. This will require the user to have a TOTP Authenticator (such as Google Authenticator) on their device.

Users will be prompted when turning on MFA to scan the QR code provided in the Trimble Identity interface from within their TOTP App. This will create a one-time 6-digit password that must be entered for verification.

If a user cannot scan the QR code, they can select “Can’t Scan It?” below the QR code. This will provide the user with a setup key they can enter into the TOTP app instead. This should be entered in the same place a user is prompted to scan the QR code from.