Issue or remove a Microsoft Authenticator device in Care Identity Management
How to use Care Identity Management to issue a Microsoft Authenticator device as an authenticator, as an alternative to a smartcard, or remove a device from a user's profile.
Which roles can do this?
- Registration Authority Manager
- Registration Authority Agent (Advanced)
Before you start
For the Registration Authority
You will need to set up a registration meeting with your user, either via video or face-to-face. Registration must be completed in your presence.
Microsoft Authenticator is currently only available for NCRS and MESH.
For the user
The user must:
- have the Microsoft Authenticator app installed on their smartphone
- bring their device to the meeting
- have a working internet connection
- have an email account that is on the list of allowed domains
View the Warrantied Environment Specification to check browser compatibility.
Face-to-face process
From the Care Identity Management home page, choose 'Find an existing user'.
Enter the user's details and select 'Search'.
Choose 'View profile' on the right of the screen.
Go to the 'Authenticators' tab on the user's profile page and select 'Issue other authenticator'.
Select 'Microsoft Authenticator' and continue.
You will now see a screen with instructions on how to register the device.
When you've read the instructions and you are both ready to proceed, select 'Generate link'.
Copy the link and send it to the user by email, or paste it into the chat function of the video call software you are using.
The user should click the link. They will then be prompted to enter their Care Identity email address.
The user will receive a one-time password in their inbox.
The user should enter the one-time password from their email and select 'Continue'.
The user will then be prompted to create a password.
The user will then be prompted to scan a QR code using the Microsoft Authenticator app on their phone.
When the Microsoft Authenticator app has scanned the QR code, it will automatically add the account to the app.
Guide the user back to their browser and ask them to select 'Next'.
They will now be prompted to enter their verification code. This is the 6-digit code from the Microsoft Authenticator app.
Guide the user to look at the code in the Microsoft Authenticator app. Ensure there is enough time to read and type in the code before the timer ends.
The user will then be shown a screen confirming that registration was successful.
The user can now close the page.
The user profile page will now show that the user's device has been registered.
Test that the Microsoft Authenticator device registration has been successful
To test and demonstrate that the registration of the Microsoft Authenticator device has been successful, the user needs to authenticate using Microsoft Authenticator.
Remove a Microsoft Authenticator device
From the user's profile, select the 'Authenticators' tab, find the Microsoft Authenticator device in the list and select 'Remove' on the right.
Select the box to confirm you want to remove the Microsoft Authenticator device, followed by the 'Remove authenticator' button.
Finally, you'll see a message confirming that the device has been removed from the user's profile.
If a user changes their mobile device
If the user changes their mobile device, they'll need to transfer the authenticator to the new device.
Depending on the device, it may be possible to transfer the authenticator directly to the new device.
If not, the user will need to ask a Registration Authority user to remove the existing authenticator before adding the new device as described above. Note that if the user has another authenticator, they can add this themselves in Care Identity Management.
Last edited: 24 April 2025 2:33 pm