THE UNITED REPUBLIC OF TANZANIA

PRESIDENT’S OFFICE
e-GOVERNMENT AUTHORITY
ISO 9001: 2015 Certified

NGAO PLATFORM
(Multi-Factor Authentication System)

User Manual
(FAS)

Published: March, 2025

Contents
1 Introduction .................................................................................................................................... 3
1.1 Overview of NGAO Platform ................................................................................................... 3
1.2 Purpose of the Manual ........................................................................................................... 3
2 Getting Started................................................................................................................................ 4
2.1 Prerequisites for NGAO Platform Registration and Authentication. ...................................... 4
2.2 Accessing the FAS Systems ..................................................................................................... 4
2.3 Common Terminology ............................................................................................................ 5
3 Registration into NGAO Platform.................................................................................................... 5
3.1 Step 1: Logging into FAS .......................................................................................................... 5
3.2 Step 2: Redirect to NGAO Platform for Registration .............................................................. 6
3.3 Step 3: Selecting Authentication Methods ............................................................................. 6
3.4 Step 4: Completing Registration ........................................................................................... 11
4 Authentication Process ................................................................................................................. 13
4.1 Logging into FAS .................................................................................................................... 13
4.2 Step-by-Step Authentication Process via NGAO Platform .................................................... 14
4.2.1 Method 1: SMS OTP ...................................................................................................... 14
4.2.2 Method 2: NGAO App (TOTP) ....................................................................................... 14
4.2.3 Method 3: Hardware Key .............................................................................................. 15
4.3 Successful Authentication ..................................................................................................... 15
5 Using the NGAO Authenticator App ............................................................................................. 16
5.1 Installing and setting up the NGAO Authenticator App........................................................ 16
5.1.1 Steps to Install the NGAO Authenticator App:.............................................................. 16
5.1.2 Setting up the NGAO Authenticator App: ..................................................................... 16
5.2 Generating OTP for FAS Systems .......................................................................................... 18
5.2.1 Steps to Generate OTP using NGAO Authenticator App: ............................................. 18
5.2.2 Important Notes:........................................................................................................... 18
5.3 Using the Grouped View for OTPs ........................................................................................ 18
5.3.1 Steps to Use Grouped View: ......................................................................................... 18
6 Multi-Factor Authentication (MFA) Setup – self service .............................................................. 19
6.1 Enable or Disable MFA in FAS ............................................................................................... 19
6.1.1 Steps to Enable MFA ..................................................................................................... 19
6.2 Steps to Disable MFA ............................................................................................................ 20
6.3 Overview of MFA Options in FAS .......................................................................................... 21

1
 6.4 Register Additional MFA Method in FAS Systems ................................................................ 21
6.4.1 Steps to register additional MFA Method: ................................................................... 22
6.5 Managing and Changing MFA Options ................................................................................. 23
6.5.1 Steps to Manage MFA: .................................................................................................. 23
6.6 Trusting Device while using NGAO on FAS............................................................................ 24
6.6.1 pen the MFA panel ........................................................................................................ 24
6.6.2 5 Using a Trusted Device .............................................................................................. 27
6.6.3 6 Stop trusting a device early ....................................................................................... 27
7 Troubleshooting ............................................................................................................................ 27
7.1 Common Issues During Registration and Authentication ..................................................... 28
7.1.1 Issue 1: Not Receiving OTP via SMS or Email ................................................................ 28
7.1.2 Issue 2: OTP Expired ...................................................................................................... 28
7.1.3 Issue 3: Unable to Scan QR Code for NGAO Authenticator App (TOTP) ....................... 28
7.1.4 Issue 4: Hardware Security Key Not Detected .............................................................. 29
7.1.5 Issue 5: Cannot Access NGAO Platform ........................................................................ 29
7.2 FAQ on Using NGAO Authenticator App ............................................................................... 30
7.2.1 Q1: Can I use the NGAO Authenticator App on multiple devices? ............................... 30
7.2.2 Q2: What happens if I lose my phone with the NGAO Authenticator App installed? .. 30
7.2.3 Q3: How do I switch between SMS OTP to the NGAO Authenticator App (TOTP)? ..... 30
7.2.4 Q4: Can I use a hardware security key and the NGAO Authenticator App together? .. 30
7.2.5 Q5: Why am I being asked to authenticate twice? ....................................................... 30

2
1 Introduction

The NGAO Platform is a secure authentication system developed by the e-

Government Authority (e-GA) to enhance the security of various government systems.
This platform implements a Multi-Factor Authentication (MFA) method, which adds
an extra layer of security to user logins by requiring not only a password but also a
one-time passcode (OTP) generated via the NGAO Authenticator app or sent through
SMS or email, but also system allow user to use soft tokens by utilizing Hardware
devices such as YubiKey or mobile phone.

1.1 Overview of NGAO Platform

The NGAO Platform is designed to:

• Enhance the security of government systems by incorporating a second layer of

authentication.
• Reduce unauthorized access to critical systems, such as the FAS, by
implementing multi-factor authentication (MFA).
• Provide multiple authentication methods for users, including SMS OTP, TOTP
(via the NGAO Authenticator app), hardware security keys, and email-based
OTP.

The platform integrates seamlessly with existing systems, ensuring minimal disruption
while maximizing security.

1.2 Purpose of the Manual

The purpose of this manual is to guide users through the process of:

• Registering on the NGAO Platform after logging into the FAS system.
• Using the NGAO Platform to authenticate their logins securely.
• Setting up and managing the NGAO Authenticator app for generating one-time
passcodes (OTPs).
• Multi-Factor Authentication (MFA) setup – Self Service.

3
2 Getting Started

This section outlines the prerequisites and steps to get started with the registration
and authentication processes.

2.1 Prerequisites for NGAO Platform Registration and Authentication.

Before you can register and authenticate via the NGAO Platform, there are a few
prerequisites you need to ensure are in place:

1. Valid System Account:

o Ensure you have a valid account for the FAS system. You must have login
credentials to access these systems.
2. Mobile Device (for OTP Generation):
o You will need a mobile device capable of receiving one-time passcodes (OTP)
via SMS, email, or the NGAO Authenticator app.
3. NGAO Authenticator App (for OTP Generation):
o For users opting to use the Time-based One-Time Password (TOTP) option, you
must download and install the NGAO Authenticator App from the official app
store (available for both Android and iOS).
o The app is essential for generating OTPs used for system login and added
security.
4. Hardware Security Key (Optional):
o Users opting to use a hardware security key must have a registered key that
complies with the standards supported by the NGAO Platform such as YubiKey.
This key will be used for hardware-based multi-factor authentication.

2.2 Accessing the FAS Systems

To use the NGAO Platform for authentication, users must first log in to the respective
government systems integrated with the NGAO Platform. The system covered in this
manual is:

• FAS (Funds Administration System): is a software platform designed to manage and

administer collective investment schemes, specifically the FAIDA Fund. It streamlines
the process of investing in shared funds by allowing individuals—regardless of their
financial capacity—to purchase or sell fund units using multiple digital channels (web,
mobile app, and USSD).

This system requires the user to have valid login credentials (email and password) to
initiate the process.

4
2.3 Common Terminology

• One-Time Passcode (OTP): A temporary, single-use passcode sent via SMS, email, or
generated by the NGAO Authenticator app, which is required in addition to the
password to log into the system.
• Time-Based One-Time Password (TOTP): A secure, time-sensitive passcode
generated by the NGAO Authenticator app, used as an alternative to SMS or email
OTP.
• Multi-Factor Authentication (MFA): A security measure that requires users to provide
two or more verification methods (e.g., password + OTP) to gain access to a system.
• Hardware Key: A physical device (such as a YubiKey) that users can insert into their
computer to authenticate their identity securely.

3 Registration into NGAO Platform

This section provides a detailed, step-by-step guide to registering on the NGAO

Platform.

3.1 Step 1: Logging into FAS

1. Open your web browser and navigate to the system you need to access:
2. For FAS, use https://fas.whi.go.tz/
3. On the login screen, enter your username (email) and password.
4. Click on the Login button. If your credentials are correct and you haven't
registered with the NGAO Platform yet, you will automatically be redirected to
the NGAO Platform for registration.

Figure 1 FAS Login page

5
3.2 Step 2: Redirect to NGAO Platform for Registration

After successfully entering your credentials into the FAS system, you will be redirected
to the NGAO Platform, where you can register for authentication services.

Upon redirect, you will be presented with a screen on the NGAO Platform that prompts
you to choose your preferred authentication method. There are several options
available, depending on your preference and system requirements.

Figure 2 NGAO Authentication Methods Options

3.3 Step 3: Selecting Authentication Methods

The NGAO Platform offers multiple options for authentication. Depending on your
organization’s security policy or personal preference, you can choose one or more of
the following options:

• SMS OTP: Receive a one-time passcode via SMS on your registered mobile number.
• NGAO App (TOTP): Use the NGAO Authenticator app to generate a time-based one-
time passcode (TOTP).
• Hardware Key: Use a physical hardware device (such as a USB key) for secure
authentication.
• Email OTP: Receive a one-time passcode through email.

To proceed, follow these steps:

1. Choose your preferred authentication method by selecting one of the radio buttons.
2. For SMS OTP, enter your mobile number in the space provided.
3. For NGAO App (TOTP), scan the QR code with the NGAO Authenticator app on your
mobile device to register your account.
4. For Hardware Key, plug in your hardware security key when prompted.

6
Once you’ve selected and configured your method of authentication, click Submit.

Figure 3 Registration of OTP Based SMS authentication Method

Figure 4 QR Code for scanning during Mobile App Registration

7
Figure 5 Registering E-Mail as authentication method

Figure 6 Registering Hardware as Authentication Method

8
Figure 7 Steps on registration of Hardware Method for Authentication

Figure 8 Steps on registration of Hardware Method for Authentication

9
Figure 9 Steps on registration of Hardware Method for Authentication – At this stage you should insert security key

Figure 10 Steps on registration of Hardware Method for Authentication - At this stage you should input password of security
key

10
Figure 11 Steps on registration of Hardware Method for Authentication - At this stage you should touch the security key

Figure 12 Steps on registration of Hardware Method for Authentication - At this stage registration process is completed

3.4 Step 4: Completing Registration

After submitting your authentication method, the system will finalize your registration
on the NGAO Platform.

• If you selected SMS OTP, you will receive an SMS with a one-time passcode on
your mobile device. Enter the code into the provided field and click Submit to
complete registration.

11
 • If you selected NGAO App (TOTP), the NGAO Authenticator app will display a
six-digit OTP. Enter this code into the platform and click Submit to complete
registration.

Figure 13 First time Registration using OTP received via SMS

Figure 14 Email method Registration - OTP Received via E-Mail

12
Figure 15 Email method Registration - OTP Submission for registration

After completing these steps, your account will be successfully registered with the
NGAO Platform, and you can use the selected authentication method to log into the
FAS system.

Summary of Registration Process:

1. Log into the FAS system.

2. Get redirected to the NGAO Platform for registration.
3. Select your authentication method (SMS OTP, TOTP via NGAO App, Hardware Key, or
Email OTP).
4. Complete registration by entering the OTP from the chosen method.

You are now ready to authenticate securely using the NGAO Platform whenever you
access the FAS systems.

4 Authentication Process

This section explains how to authenticate using the NGAO Platform, including step-
by-step instructions for each supported method: SMS OTP, NGAO Authenticator
App (TOTP), and Hardware Security Key.

Once registered on the NGAO Platform, each time you log in to the FAS system, you
will need to authenticate using the selected multi-factor authentication (MFA) method.

4.1 Logging into FAS

1. Open your browser and navigate to the system you need to access:

o For FAS, go to: https://fas.whi.go.tz/

13
 2. Enter your username (email) and password.
3. Click on the Login button. After a successful login, the system will redirect you
to the NGAO Platform for authentication.

4.2 Step-by-Step Authentication Process via NGAO Platform

Once you have logged into the third-party system, the NGAO Platform will require you
to authenticate with the method you registered during the initial registration process.

4.2.1 Method 1: SMS OTP

1. Upon logging in, you will be prompted to enter the one-time passcode (OTP) sent to
your registered mobile number via SMS.
2. Open the SMS message received on your phone, which will contain a 6-digit OTP.
3. Enter the OTP in the space provided on the NGAO Platform screen.
4. Click Submit to complete authentication.

Figure 16 Authenticate by using OTP from SMS

4.2.2 Method 2: NGAO App (TOTP)

1. If you have selected the NGAO Authenticator App (TOTP) as your preferred
authentication method, open the NGAO Authenticator App on your mobile device.
2. The app will display a 6-digit, time-based OTP for each of your registered accounts
(FAS).
3. Enter the OTP for the relevant system into the field on the NGAO Platform.
4. Click Submit to complete authentication.

14
Figure 17 Authenticate using TOTP from NGAO App

4.2.3 Method 3: Hardware Key

1. If you have opted for a Hardware Security Key, plug the key into your device’s USB
port.
2. The NGAO Platform will automatically detect the security key and authenticate you.
3. Once the hardware key is validated, click Submit to complete the process.

4.3 Successful Authentication

After entering the correct OTP or completing the hardware key process, the NGAO
Platform will authenticate your session and redirect you back to the FAS system. You
will now have full access to the system, with the assurance that your login was securely
verified.

Summary of Authentication Process:

1. Log in to the FAS system using your credentials.

2. You will be redirected to the NGAO Platform for multi-factor authentication.
3. Depending on your registered method, authenticate using:
o SMS OTP
o NGAO Authenticator App (TOTP)
o Hardware Security Key
4. Complete the authentication by entering the OTP or connecting your security key.
5. Access the FAS system securely.

15
5 Using the NGAO Authenticator App

The NGAO Authenticator App provides an efficient and secure method for
generating Time-based One-Time Passwords (TOTP) for logging into the FAS
systems. It is a mobile app that generates 6-digit OTPs every 30 seconds, ensuring that
users can authenticate even without network coverage. This section provides a guide
on setting up, using, and managing the NGAO Authenticator App.

5.1 Installing and setting up the NGAO Authenticator App

To begin using the NGAO Authenticator App, you must first install and set it up on
your mobile device.

5.1.1 Steps to Install the NGAO Authenticator App:

1. Android Users:
o Open the Google Play Store on your Android device.
o Search for NGAO Authenticator.
o Tap Install and wait for the app to download and install.
2. iOS Users:
o Open the Apple App Store on your iPhone or iPad.
o Search for NGAO Authenticator.
o Tap Get to download and install the app.

5.1.2 Setting up the NGAO Authenticator App:

1. Open the NGAO Authenticator App once installed.

2. When prompted, scan the QR code displayed during your registration process on the
NGAO Platform for FAS.
3. After scanning the QR code, the NGAO Authenticator will automatically generate a 6-
digit OTP for your account.

Your account is now linked to the app, and you can begin using the app to authenticate
each time you log in.

16
Figure 18 TOTP Generated per system registered in NGAO App

17
5.2 Generating OTP for FAS Systems

Once the NGAO Authenticator App is set up, you can generate one-time passwords
(OTPs) for secure authentication each time you log in to the FAS system.

5.2.1 Steps to Generate OTP using NGAO Authenticator App:

1. Open the NGAO Authenticator App on your mobile device.

2. The app will display a list of accounts you have registered (e.g., FAS).
3. Next to each account, you will see a 6-digit OTP.
4. The OTP is time-based and will automatically refresh every 30 seconds. Ensure you
enter the OTP while it is still valid.
5. Enter the OTP in the required field on the NGAO Platform when prompted during
authentication.

5.2.2 Important Notes:

• The OTP is valid for a short duration (typically 30 seconds), so ensure you enter the
code promptly.
• The app does not require an internet connection to generate OTPs, making it a reliable
method even when network coverage is unavailable.

5.3 Using the Grouped View for OTPs

The NGAO Authenticator App also offers a Grouped View feature that allows users to
organize OTPs based on the system or account type.

5.3.1 Steps to Use Grouped View:

1. Open the NGAO Authenticator App.

2. At the bottom of the screen, tap Grouped to view OTPs organized by category (e.g.,
Government Systems, Personal Accounts).
3. This view helps users manage multiple OTPs efficiently by grouping related accounts
together.

18
6 Multi-Factor Authentication (MFA) Setup – self service

In the FAS systems, users can configure their Multi-Factor Authentication (MFA)
settings directly within the third-party system. The NGAO Platform handles the
authentication process, but the enabling, disabling, setup and management of MFA
methods (such as adding or modifying MFA methods) are managed through the FAS
interfaces.

6.1 Enable or Disable MFA in FAS

Within FAS, you can enable or disable NGAO Multi‐Factor Authentication (MFA)
methods as needed. Although authentication is ultimately handled by the NGAO
Platform, you perform MFA setup (including activation and removal) in the FAS
interface.

6.1.1 Steps to Enable MFA

1. Log In to FAS
Use your FAS username and password to sign in.

2. Navigate to the MFA Settings

o Go to Profile → Multi-Factor Authentication (MFA)

o You should see your account and current MFA status.

3. Select “Enable” (the Green Checkmark “C” on Fig. 20)

o Locate the user row you want to enable MFA for.

o Click the Green Checkmark button to begin activation.

4. Confirm Activation

o A confirmation dialog will appear, asking if you want to activate NGAO

MFA (Fig. 19).

o Click Yes to confirm and continue.

19
Figure 19 MFA Activation Confirmation

5. Complete any Required Verification

o Depending on the MFA method you selected (e.g., SMS, Email, or

Authenticator App), the system may prompt you to verify by entering
an OTP or scanning a QR code.

o Follow the on‐screen prompts to finalize activation.

6. Save Changes

o After verifying, the system will mark MFA as Enabled in the table.

o Ensure you click Save (if prompted) to finalize your changes.

6.2 Steps to Disable MFA

1. Log In to FAS
As above, use your FAS username and password.

2. Navigate to the MFA Settings

o Again, go to Profile → Multi-Factor Authentication (MFA).

o Find the user row showing your current MFA status.

3. Select “Remove”

o Click the Red X button to un‐register (remove) the MFA method for
that user.

4. Confirm Removal

o A confirmation dialog will appear (e.g., “You are about to disable

(remove) NGAO – Multi‐factor Authentication method”).

o Click Yes to confirm and continue, or No to cancel.

20
 5. Save Changes

o Once removal is confirmed, FAS will mark MFA as FALSE (disabled) in

the table.

o If prompted, click Save to finalize.

6.3 Overview of MFA Options in FAS

The FAS systems offer various MFA methods to enhance security, ensuring users can
authenticate securely. The available MFA methods include:

• SMS OTP: A one-time passcode sent to your mobile phone via SMS.
• NGAO Authenticator App (TOTP): A time-based one-time passcode generated by
the NGAO Authenticator App.
• Hardware Security Key: A physical device like a USB security key for hardware-based
authentication.
• Email OTP: A one-time passcode sent to your registered email address.

These options allow users to securely access the system by verifying their identity with
both their password and the chosen MFA method.

Figure 20 NGAO Authentication Management in FAS

6.4 Register Additional MFA Method in FAS Systems

When accessing FAS, users can register additional method on MFA settings directly
within the system. The NGAO Platform will only be used for handling the
authentication process and administrative level support, but all MFA configurations
happen within the third-party system.

21
6.4.1 Steps to register additional MFA Method:

1. Log into the Third-Party System:

o Use your username and password to log into the FAS system.
2. Navigate to MFA Settings:
o Once logged in, navigate to the Profile then Multi-Factor Authentication
(MFA) section within the FAS system.
3. Choose MFA Methods:
o In the MFA settings, select the method(s) you wish to register for your account:
▪ SMS OTP: Enter your mobile number to receive OTPs via SMS.
▪ NGAO Authenticator App (TOTP): Scan the QR code with the NGAO
Authenticator App on your mobile device to generate time-based
passcodes.
▪ Hardware Key: Insert your USB security key to register it with your
account.
▪ Email OTP: Provide your email address to receive OTPs via email.
4. Save and Verify MFA:
o Once you’ve selected the MFA method(s), the system will ask you to verify each
method (e.g., by entering an OTP received via SMS or email, or confirming the
registration of the security key).
5. Save Changes:
o After successfully verifying the MFA methods, click Save to finalize your setup.

Figure 21 Add Authentication Method dialog

22
Figure 22 NGAO Authentication Management in FAS

6.5 Managing and Changing MFA Options

Users can return to the FAS system at any time to modify their MFA settings.

6.5.1 Steps to Manage MFA:

1. Log into FAS.

2. Go to the Profile then Multi-Factor Authentication (MFA) section.
3. In the MFA Options section, you can update or change the method:
o SMS OTP: Change your mobile number.
o NGAO Authenticator App: Link a new device by scanning a QR code.
o Hardware Key: Add or remove your hardware key.
o Email OTP: Update your email address for OTP delivery.
4. Verify Changes: Any changes you make will require you to verify the new MFA
method, such as entering an OTP or connecting your hardware key.
5. Save Changes: Once you’ve verified the changes, click Save to apply them.

23
Figure 23 Removing Authentication Method by authenticating first - self service

Figure 24 Removing Authentication Method selection - self service

6.6 Trusting Device while using NGAO on FAS

6.6.1 pen the MFA panel

1. Log in to FAS normally (email + password).

2. In the left navigation, choose My Accounts → the user profile page.
3. Scroll to the card labelled “Multi-Factor Authentication (MFA)”.
Here you should see your e-mail, MFA Status = ACTIVE, and a blue button
Add MFA method.

24
6.6.1.1 4.2 Start the trust process

1. Click the blue ➕ Trust this device button (far right of the MFA card).
2. A pop-up titled “Customize usage of MFA – NGAO” appears (Screenshot ①).

Figure 25 Trust Device Option

6.6.1.2 4.3 Set the trust duration

1. In the field “Enter Trust Time (H:m:s)” either:

o Type the duration manually (e.g., 10:00:00 for 10 hours), or
o Click the field to open the clock picker (Screenshot ②) and select
hours/minutes.
2. Recommended practice:
o 8–10 hours for a workday.
o 00:00:00 is not allowed (minimum 1 minute).
3. Click Submit.

25
Figure 26 Set Trust Duration

6.6.1.3 4.4 Confirm with MFA

1. Immediately after Submit you will be asked to authenticate once with your usual
second factor (SMS, TOTP, or hardware key).
2. Complete the challenge → Success banner appears.
3. In the MFA Usage table a new row is created with:
o Device Type / OS / IP / Browser
o Status = PENDING TRUST
o Trust Time shows the duration you chose (Screenshot ③).

Figure 27 Trust Confirmation

6.6.1.4 4.5 Activate trust

1. Log out of FAS.

2. Log back in once with MFA.

26
 During this login, NGAO recognises the pending record and upgrades it to
o
TRUSTED.
3. Re-open the MFA panel to verify Status = TRUSTED and the Last Used Date is
updated (Screenshot ④).

Figure 28 Active Trust

6.6.2 5 Using a Trusted Device

• While the trust timer is running, you will not be prompted for MFA on this
device/browser.
• The timer counts down from the last successful login. Each login resets the
countdown.
• If you clear cookies, switch browsers, or change IP drastically, the trust record may
be invalidated.

6.6.3 6 Stop trusting a device early

1. Go to the Customize MFA Usage table.

2. Locate the row with Status = TRUSTED.
3. Click the red 🗑 trash-can under Actions.
4. Confirm → the row disappears and MFA will be required next login.

7 Troubleshooting

While using the NGAO Platform for authentication with the FAS system, you may
encounter occasional issues. This section provides solutions to common problems
related to registration, authentication, and multi-factor authentication (MFA) setup.

27
Additionally, it offers guidance on how to resolve these issues to ensure smooth and
secure access.

7.1 Common Issues During Registration and Authentication

7.1.1 Issue 1: Not Receiving OTP via SMS or Email

If you are not receiving the one-time passcode (OTP) via SMS or email, this can be due
to several reasons, including network delays or incorrect contact information.

Steps to Resolve:

1. Resend OTP:
o On the OTP input page, click on the Resend OTP button to request another
code.
o Ensure that your device has good network connectivity if you are waiting for an
SMS OTP.
2. Check Spam or Junk Folder (Email OTP):
o If using Email OTP, check your spam or junk email folder to see if the OTP email
was misdirected.
3. Verify Network Connectivity:
o For SMS OTP, make sure that your phone is in a location with good mobile
network reception.
4. Contact Support:
o If you still do not receive the OTP, contact your IT support or the e-Government
Authority for further assistance.

7.1.2 Issue 2: OTP Expired

The OTP generated for your authentication is time-sensitive and will expire after a short
duration (usually 30 seconds).

Steps to Resolve:

1. Regenerate OTP:
o Open the NGAO Authenticator App or request a new OTP via SMS or email.
Enter the newly generated OTP within the time limit to complete authentication.
2. Ensure Time Synchronization:
o If using the NGAO Authenticator App, make sure your phone's time is
synchronized correctly with your local network. If the phone’s time is incorrect,
the OTP generated might not be valid.

7.1.3 Issue 3: Unable to Scan QR Code for NGAO Authenticator App (TOTP)

If you are unable to scan the QR code during the setup of the NGAO Authenticator
App, this could be due to camera or network issues.

28
Steps to Resolve:

1. Check Camera Permissions:

o Ensure that your camera has permission to access the NGAO Authenticator
App. You can do this by going to your phone’s settings and allowing camera
access for the app.
2. Try a Different Device:
o If the issue persists, try scanning the QR code with another mobile device.

7.1.4 Issue 4: Hardware Security Key Not Detected

If your hardware security key is not detected during authentication, it might be due to
connection or compatibility issues.

Steps to Resolve:

1. Check USB Connection:

o Ensure that your hardware key is correctly inserted into the USB port of your
device. Try removing and reinserting it.
2. Use a Different USB Port:
o If the key is still not detected, try using a different USB port on your computer.
3. Verify Compatibility:
o Ensure that your hardware security key is compatible with the FAS system.
Some keys may require specific drivers to be installed.
4. Try a Different Browser:
o If the issue persists, try logging in using a different web browser (e.g., Chrome,
Firefox, or Edge). Firefox is recommended.

7.1.5 Issue 5: Cannot Access NGAO Platform

If you are redirected to the NGAO Platform but encounter errors or are unable to
access the authentication page, there may be network issues or incorrect system
configurations.

Steps to Resolve:

1. Check Internet Connection:

o Ensure that your device has a stable internet connection. If you are on a
corporate network, confirm that it is not blocking the NGAO Platform.
2. Clear Browser Cache:
o Try clearing your browser’s cache and cookies to remove any conflicting data.
Then attempt to log in again.
3. Try a Different Browser:
o If the issue persists, try logging in using a different web browser (e.g., Chrome,
Firefox, or Edge).
4. Contact IT Support:

29
 o If none of the above steps resolve the issue, contact your organization’s IT
support for assistance.

7.2 FAQ on Using NGAO Authenticator App

7.2.1 Q1: Can I use the NGAO Authenticator App on multiple devices?

Yes, you can install the NGAO Authenticator App on multiple devices. However, each
device must be registered separately by scanning the QR code or entering the setup
code for different system.

7.2.2 Q2: What happens if I lose my phone with the NGAO Authenticator App
installed?

If you lose your phone with the NGAO Authenticator App, you will need to reset your
MFA settings. Contact your IT support to reset your account and set up a new
authentication method.

7.2.3 Q3: How do I switch between SMS OTP to the NGAO Authenticator App (TOTP)?

You can switch your MFA method by logging into the FAS system and navigating to
the Profile then Multi-Factor Authentication (MFA) section in the profile settings.
From there, you can register the NGAO Authenticator App as your additional method
and complete the setup by scanning the QR code. In which now you will be able to
also use it interchangeably with SMS OTP.

7.2.4 Q4: Can I use a hardware security key and the NGAO Authenticator App
together?

Yes, the FAS systems allow you to use multiple MFA methods, such as both a hardware
security key and the NGAO Authenticator App. This adds additional security and
flexibility in case one method becomes unavailable.

7.2.5 Q5: Why am I being asked to authenticate twice?

If you are being asked to authenticate twice, it could be due to your MFA settings
requiring multiple forms of verification. This usually happens when you have more than
one MFA method enabled (e.g., both SMS OTP and TOTP).

Summary of Troubleshooting:

• Not Receiving OTP: Verify contact details, resend OTP, and check network
connectivity.

30
• Expired OTP: Regenerate the OTP and ensure device time synchronization.
• QR Code Issues: Check camera permissions or manually enter the code.
• Hardware Key Not Detected: Check USB connection or use a different port.
• Cannot Access NGAO Platform: Ensure internet connectivity, clear browser cache, or
switch browsers.

31