Announcing Bypass Codes

Last updated on August 21, 2024

We are thrilled to announce the release of Bypass Codes, a new feature that allows users to log in to their Rublon-protected applications using temporary codes generated by administrators in the Rublon Admin Console.

What’s New?

• The Passcode authentication method: The Passcode authentication method (formerly known as Mobile Passcode) now also includes Bypass Codes. The previous mechanisms that allow users to use OTP codes generated by Rublon Authenticator and third-party apps like Google Authenticators are still in place and have not been changed.
• Bypass Codes: Administrators can generate these unique codes for users, offering an alternative way to access applications. In each user’s profile in the Rublon Admin Console, you will find a new section called Bypass Codes that allows admins with roles Owner, Administrator, User Manager, and Help Desk to generate Bypass Codes for users in the organization.

What Is a Bypass Code?

A Bypass Code is a unique passcode that administrators can generate for users, providing them with an alternative way to access an application. This feature is particularly useful in situations where a user cannot use their usual authentication method, e.g. they lost their device.

How Do Bypass Codes Work?

A Bypass Code works in conjunction with a user’s password. The user first enters their password, followed by the Bypass Code they received from an administrator. This code can be entered in the Rublon Prompt by selecting the Passcode authentication method or appended to the password using the Append Mode.

For a step-by-step guide for end users on how to use a Bypass Code to gain access to a Rublon-integrated application, refer to How to use a Bypass Code?.

Before a user can use a Bypass Code, they have to contact their administrator and ask them to generate the code. Administrators can generate Bypass Codes in each user’s profile in the Admin Console.

For a step-by-step guide on how to generate Bypass Codes for users, refer to How to add a Bypass Code for user.

Use Cases for Bypass Codes

Here’s how organizations can benefit from the use of Bypass Codes.

Lost Device

In a situation where a user loses their device and cannot log in to their application, the user can request the system administrator or help desk to generate a Bypass Code. This allows the user to regain access to the application.

An organization must ensure the communication channel through which the code is sent is secure. Administrators should also have secondary measures in place to verify the user’s identity before generating a Bypass Code in order to mitigate the risk of social engineering attacks.

Temporary Access Assignment

There may be situations where a specialist from a different department is required to solve a specific technical issue that requires access to a particular resource. In such cases, the specialist needs to be granted access that is both time-limited and strictly controlled.

To facilitate this, a Rublon administrator can add the specialist to a group where the only available multi-factor authentication (MFA) authentication method is a Bypass Passcode with a short validity period. This code is generated by the MFA system administrator and must be provided by the specialist during login.

This use of the Bypass Code feature embodies the principle of least privilege, granting the specialist access only for the duration of a specific one-time task. After the task is completed, the specialist’s access is revoked.

In this scenario, Rublon also provides the option to disable all authentication methods other than the Passcode authentication method. Additionally, the ability for users to self-enroll their devices can also be turned off, ensuring maximum security.

As a result, even if a hacker manages to compromise the specialist’s password, they will not be able to access the protected resource. They will not even be able to attempt to breach the second factor, as all other authentication methods will be deactivated.

Start a Free MFA Trial

Experience the benefits of our multi-factor authentication solution firsthand. If you have not tried Rublon yet, we encourage you to Start a Free 30-Day Rublon MFA Trial by clicking the button below.

Subscribe to Our Newsletter

Stay up-to-date with our latest updates and features! Subscribe to the Rublon Newsletter today by clicking the button below.

Summing up

We hope you find the new Bypass Codes feature beneficial. As always, we are committed to providing you with the best security solutions. If you have any questions or suggestions, contact Rublon Support and ask away.