Use this guide for a successful rollout of password-less 2FA for your employees.

Keep your employees secure and happy with security designed for humans, not just optimized for machines. Learn about the power of a password-less 2FA experience, what you’ll need to implement Trusona successfully, and access the assets to make it all happen. Welcome aboard.

Table of contents

SSO

  • Implementation

  • What you’ll need

  • Branding your SSO experience

  • Onboarding your employees

  • What your employees can expect

  • Communications

VPN

  • Implementation

  • What you’ll need

  • Onboarding your employees

  • What your employees can expect

  • Communications

Resources

  • FAQs

  • Troubleshooting for your employees

  • Branding assets

  • About Trusonauts

  • About Trusona



SSO

Stronger, password-less 2FA for your single sign-on.

Use Trusona’s tech to improve and strengthen your SSO login experience and decrease the chances of all kinds of attacks, including phishing, man-in-the-middle and replay. Plus, you can do away with vulnerable, static credentials and extra hardware tokens that are costing you money.

What you’ll need

Mobile device for each employee

Whether it’s company’s property or employee-owned, a mobile device per person with internet connection is needed for the optimal password-less 2FA experience. Currently iOS 10.0 or higher, on iPhone 5s or newer, and Android API 21 or higher are supported.

Alternatively, if an employee doesn’t have access to a smart phone at the time of login, an automated phone call will serve as a second-factor of authentication.

Trusona app installed for each employee

Employees will use the Trusona mobile app for authenticating. It’s available in the App Store and Google Play Store. Registration takes less than one minute.

Does your organization have an app? Use the Trusona Mobile SDK to authenticate employees. Check out the Implementation Get Started Guide for more security and usability guidelines.

SSO implementation

Ready to treat your employees to a better, more secure IAM/SSO experience while saving money? Let’s do this.

You can use Trusona with virtually any web app that supports SAML or OpenID Connect authentication. Many of our customers use OKTA, ForgeRock, Ping or Microsoft. We can support any.

Once Trusona has provisioned your IT department with your enterprise customer account, you’ll receive your credentials.

NOTE: this is a one-time provisioning at your company-level. Each employee does not need to be provisioned. Then, you’ll exchange integration details and get rolling with the configuration. Configuration is usually completed the same day.

Our Ops team is here to help. To answer your questions promptly and ensure we’re meeting your success metrics, we recommend to check in weekly during the first month after going live.

Are you looking for a custom authentication solution? Get access to Trusona’s Server SDKS and contact us with your ideas. We’re all ears.

Employee onboarding

Onboarding is easy. Each employee is responsible for downloading the Trusona mobile app from the App Store or Google Play Store. After they complete the 60-second registration, they’re ready to go. Honestly, there’s nothing else they need to do.

Ensure your employees use their current company email during registration. A step-by-step guide for app registration is available.

Branding the gateway

When using Trusona with your IAM / SSO, your employees will go from your login page to the Trusona gateway, where they’ll scan a unique code using their mobile device.

We know how important your brand is. Trusona helps create a consistent experience for your employees by allowing your team to customize the gateway with your logo, imagery, custom URL and brand colors. Get access to all assets and instructions.

What can your employees expect?

Accessing apps and tools via your SSO just became a lot easier. Your team can now focus on working without the hassle of managing, remembering, typing or changing usernames and  passwords. You’re welcome.

All logins will be completed using the Trusona app.

Logins on desktop browsers

  1. When users click the “Easy Login” button on the SSO login page, they’ll be redirected to Trusona’s gateway, where a one-of-a-kind, animated code will render.

  2. After unlocking their device and Trusona app, your employee must scan that code using the Trusona app scanner.

  3. Once scanned, a login verification on the mobile device will prompt them to “Accept” or “Reject” the login.

  4. After the login verification is accepted, the login is complete and your employee has access to their SSO. Happy workday!

Logins on mobile web

Trusona uses deep-linking to complete logins on mobile devices. To log in using Trusona, users tap the “Easy Login” button on the SSO login page.

  1. They’ll be prompted to complete the login.

  2. After they unlock the Trusona app they can do so by tapping “Accept”

  3. Once the login verification is accepted, the login is complete and your employee has access to their SSO.

  4. Now, this is how to start a work day!

Communications

When you’re ready to share the good news about password-less 2FA for SSO, we recommend you advise your team of the oncoming changes before the general availability date, again on release week, and again to check in frequently after going live.

You may use these templates, or customize them with your brand’s voice and tone.

Before general availability announcement email template for SSO

Email subject: Password-less 2FA for SSO is coming!

Dear Team member,

We hear you! Usernames, passwords, tokens and codes do not make for quick access to the things that matter to you at work.

We’re working on simplifying and strengthening SSO logins for you.

We’re happy to announce, starting [month], [date] all you need to log into your SSO is your mobile device with the Trusona app installed. (Available in the App Store and Google Play Store.)

Say goodbye to the headache of passwords, extra hardware tokens and typing codes Get ready for modern SSO logins.

More details are coming. Stay tuned!

Yours,

Your organization’s IT team

Release week email announcement template for SSO

Email subject: IMPORTANT: New, simpler SSO logins

Dear Team member,

We’re implementing simpler, more secure SSO logins so you can get to what matters faster and more securely.

What does this mean for you?

Starting [month, day] you will use your mobile device with the Trusona mobile app installed to approve every login to your SSO. Say goodbye to your security hardware token or typing of usernames, passwords or codes at every login.

Every SSO login must be approved by you using the Trusona app. Download it from the AppStore for iPhone or the Google Play store, if you’re using an Android device. Make sure you register in the app using your current Organization’s email.

If you need more detailed instructions, or have questions refer to the How to Register in the Trusona App attachment, go to the FAQ page, or simply contact the IT team by responding to this email.

Yours,

Organization’s IT team

 

VPN logins

Stronger, password-less 2FA for your virtual private network.

Keeping your employees off public networks is the first to-do towards good security hygiene.

Secure your VPN logins with usable, one-step 2FA so your employees want to use your company’s VPN over the creepy airport WiFi.

What you’ll need

Mobile device for each employee

Whether it’s company- or employee-owned, a mobile device per person with internet connection is needed for the optimal password-less 2FA experience. Currently iOS 10.0 or higher on iPhone 5s or newer, and Android API 21 or higher is supported.

Alternatively, if an employee doesn’t have access to a smart phone at the time of login, an automated phone call will serve as a second-factor of authentication.

Trusona app installed for each employee

Employees will use the Trusona mobile app for authenticating. It’s available in the App Store and Google Play Store. Registration takes less than one minute.

Does your organization have an app? Use the Trusona Mobile SDK to authenticate employees. Check out the Implementation Get Started Guide for more security and usability guidelines.

VPN implementation

Ready to make VPN logins usable? Welcome aboard.

You can use Trusona with any VPN solution that speaks RADIUS.

Once the Trusona Ops team provisions your  IT department with your enterprise customer account, you’ll receive your credentials along with an appliance to run in your environment. NOTE: this is a one-time provisioning at your company-level. Each employee does not need to be provisioned. We’re always available for a call, if you have questions.

Trusona’s Ops team is always happy to help. To ensure we’re meeting your success metrics and the rollout is going smoothly, we recommend a weekly check-in during the first four weeks after deployment.

Employee onboarding

Onboarding your employees is a piece of warm, delicious cake. Direct your team members to download the Trusona App on their mobile devices and register using their current organization’s email.

What can your users expect?

Connecting to your VPN will be simpler and more secure. Users will need their mobile device with the Trusona app installed to approve every login.

Logins take seconds.

  1. Users will initiate their login in the same way they do today.

  2. Then they’ll receive a login verification via push notification to their mobile device.

  3. For security reasons, users must unlock their device and the Trusona app in order to access the approval screen.

  4. When your user taps the “Accept” button, they’ll see confirmation on their device and will be automatically connected to VPN.

VPN communications

Is your configuration is all set up? It’s time to share the good news!

We recommend you communicate with your team early and often. Some of our customers prefer to announce the changes to the authentication flow weeks before the launch, as well as the week of the launch.

You may want to use these email announcement templates, or customize them so they fit your needs, brand, and voice and tone.

Before general availability announcement email template for SSO


Email subject:
Modern VPN authentication is around the corner

Dear team member,

We heard you loud and clear, using usernames and passwords plus a security token to log into the VPN is in the way of getting work done.

We’re happy to announce those steps are a thing of the past in our organization. We will soon start using Trusona’s VPN solutions so you can connect to our secure network faster and more securely.

What does this mean for you?

You no longer have to use your password every time you log into our organization’s VPN and you no longer have to carry your extra security token. Yes, you read that right.

Starting [Month], [date] you will be able to log into our organization’s VPN using your smartphone!

More information and detailed instructions are coming soon. Stay tuned!

Yours,

Your Organization’s IT Services

On release week email template


Email subject
: IMPORTANT: New, simpler VPN logins

Dear team member,

We’re implementing simpler, more secure VPN logins so you can get to what matters faster and more securely.

What does this mean for you?

Starting [Month, day] you will access the VPN using your mobile device and the Trusona app. Say goodbye to your security hardware token or typing of usernames, passwords or codes at every login.

Every VPN login must be approved by you using the Trusona app. Download it from the AppStore for iPhone or the Google Play store, if you’re using an Android device. Make sure you register in the app using your current Organization’s email.

If you need more detailed instructions, or have questions refer to the How to Register in the Trusona App attachment, go to the FAQ page, or simply contact the IT team by responding to this email.

Yours,

Organization’s IT team

 

More solutions

Access a broad range of identity and login security solutions for your employees, from new employee onboarding (NEO) and remote identity proofing to virtual desktop and step-up authentication in different channels, among many others. Tell us about your security needs. We love talking shop.

Resources

Onboarding doc

Onboarding your employees with Trusona is super easy. Each employee is required to download the app into their mobile device and register.

Branding

Branding your employee’s SSO login experience is simple. Create a consistent flow starting with the gateway.

Troubleshooting

Check out these frequently asked questions and simple fixes.

I’m not getting the push notification on my phone after initiating a VPN login on my computer. Make sure you have the Trusona app installed on your phone and registered with your current organization’s email. If you don’t have it, download the app from the App Store or Google Play Store and register. Then use the app to approve the VPN every login you initiate from your machine.

Can’t install the Trusona app on my phone. You mobile device must have a locked screen in order to install the app. Any lock will work, including TouchID, Face ID, passcode, PIN, or swipe pattern. “Jailbroken” devices won’t work with the Trusona app. This guarantees your device and assets are secure and free of malware.

The app is asking me for a PIN that I don’t remember. The Trusona app is protected with the same security you choose for your device. If you protect your device with a PIN, use it to unlock the app. If you use FaceID or a swipe pattern, use those to access the Trusona app.

FAQ

How is this two-factor authentication (2FA)? Your employee’s mobile device

is a possession factor or something they have. Unlocking said device with biometrics is an inherence factor. Unlocking it with a passcode, swipe pattern, PIN, etc is a knowledge factor.

How does this reduce costs for my organization? You can see your password maintenance costs, like IT help desk time and productivity losses, plunge after implementing Trusona’s simpler UX and stronger security solutions. Plus, you can replace those expensive hardware tokens with the device your employees already have in their pocket.

How is Trusona’s password-less 2FA better than using SMS (text message) as a second factor?

SMS (text message) as a second factor is known to be vulnerable. With no passwords to create, manage, remember or type, there are also no credentials that can be stolen.

How is Trusona’s password-less 2FA better than using a dongle or extra security token? When security is at stake, usability is paramount. Trusonas’ solutions don’t require you to buy, manage or distribute extra hardware. It uses the most secure hardware that’s already on your employee’s pocket: their mobile device. The simpler UX eliminates the need for passwords, but also typing of extra codes.

 

About Trusonauts

We are a highly motivated group of cybersecurity veterans who decided to get together and do something about all-too-frequent security breaches. We value family, friends, fellow Trusonauts, customers, investors and our community—in that order.

We’re professional music players and choir singers; bike riders and former pilots; paintball players and chess enthusiasts; we surf waves and browse the web; we’re desert hikers and ice hockey players; gym rats and binge watchers; we’re painters and napkin doodlers; we’re golfers and action figure collectors. We build beach cabins and Lego sets. Why not fix the fundamental problem of online identity while we’re at it?

Our common vision is a safer world with #NoPasswords. We show up every morning, resort casual, to make it happen.

 

About Trusona

Trusona’s industry-leading, password-less multi-factor authentication replaces usernames, passwords and typing with a dynamic login that uses patent-pending anti-replay security. Designed with the user experience in mind, Trusona makes authentication both convenient and more secure at scale. Organizations in financial services, healthcare, higher education, media and more trust Trusona for authentication into any digital channel.