CyberArk MFA - All About It

What is CyberArk again?

HY uses CyberArk as a 2FA authentication mechanism on our computers, HY websites and Microsoft services. CyberArk authentication is done using the smartphone app or an SMS/text message on your smartphone.  


Who does this impact?

Anyone who uses an @hoffmanyork.com email address is required to use this system. This includes part time staff and freelancers.

Benefits: With MFA in place, hackers have almost no way of infiltrating our systems. Even if your password is stolen or exposed, it can’t be used to access our systems.


I didn’t receive an authentication request, either through the CyberArk app or SMS/text, what’s up?

CyberArk doesn’t tell you if your password is wrong or expired.  If you didn’t receive an authentication request, its likely your password was entered incorrectly.  Start the login process over using the “Start Over” or left-arrow navigation buttons to try again.  


Why would I deny a login request? If a hacker is trying to access your account through a web-based service, you could get a login request when you’re not expecting it.  Never APPROVE a login request unless you yourself are attempting login!! And if you do receive unexpected requests, contact Eric about it.


What’s the difference between using the CyberArk app or SMS for authentication?

Authentication can be done using either option.  The CyberArk app requires data/internet service to work. SMS can work just cell/messaging services. SMS is also an option for “dumb” phones.  


Is having the CyberArk app installed on my phone a requirement?

Yes. In most cases, the app is not needed. But in the rarer case where your computer doesn’t have internet access, the CyberArk app is needed to access your computer.  


My computer is asking me to enter an ”Offline OTP”.  What is that?

This occurs when your computer doesn’t have internet access, or your connection is very poor.  “OTP” = One Time Passcode.  You’ll find your Offline OTP within the CyberArk app on your phone.        


To find the Offline OTP

    1. Open the CyberArk app on your phone.
    2. Select the menu in the top left corner.
    3. Select “Passcodes” from the menu.

    4. You should have 1 device listed with a 6-digit number.  The 6-digit number is your Offline OTP.  It changes every 30 seconds.* Some of you may have more than 1 device listed. Use the code associated with the device name you are trying to access.  


If having my phone is important for authentication, what happens if my battery is dead, or my phone is forgotton, lost, or stolen?

This can be tricky as our cell phones are our primary communication devices.

  1. Get a hold of Eric any way you can.
    • Share Eric’s contact information with a spouse, partner, friend, dog walker, etc.
    • Come to the office to find Eric or call him on any phone in the office. The common area or conference room phones have a speed dial labeled “IT Help”. This rings Eric wherever he is.
    • Ask someone else in the office to contact Eric.
    • If Eric isn’t available, Phil can be contacted as a backup. 

  2. Enroll a backup device.The CyberArk app can be installed on any newer iOS/Apple device or any newer Android device that supports the Google Play Store, this includes tablets. Again, these devices would require internet access to work. And they need to be enrolled, not just installed. Just know, authentication requests will be sent to all enrolled devices simultaneously.     


    Apple - CyberArk Identity on the App Store (apple.com)                     

    Android - CyberArk Identity - Apps on Google Play

Related Articles