Configuring Temporary Access Pass (TAP) in Mojo Helpdesk
Overview
Temporary Access Pass (TAP) is a time-limited passcode that allows users to authenticate without needing their usual credentials. This feature is particularly useful in scenarios where a user has lost access to their authentication methods (e.g., lost phone or password). And also for providing controlled, time-limited access to temporary workers, external contractors, or one-time support users without the need to manage persistent credentials.
Enabling Temporary Access Pass (TAP)
To enable TAP for your organization, follow these steps:
- Sign in to the Helpdesk.
- Navigate to Admin → Account > Security.
- Under the Authentication Methods section, select the link for Temporary Access Pass.
- In the TAP settings page, toggle Enable Temporary Access Pass to "On".
- Configure the TAP policy settings (described below).
- Click Save to apply changes.
Configuring TAP Policy Settings
Admins can configure the following parameters for TAP in the same Temporary Access Pass settings page:
Once configured, all generated TAPs will follow the specified policy.
Creating a Temporary Access Pass for a User
After enabling TAP, admins can generate a TAP for a user:
- Sign in to the Helpdesk.
- Navigate to Users and go to the desired user's admin profile page.
- Under authentication tab, look for Temporary Access Pass section.
- Click add pass.
- Select a user and specify:
- Start time (optional)
- Duration (must follow policy settings)
- Whether the TAP should be one-time use
- Click add.
- Copy and securely share the TAP with the user. Note: The TAP cannot be viewed again after closing this window.
From the same place you can delete a TAP. Expired passes will be automatically deleted after 30 days.
Guest Users and Temporary Access Pass
When creating a new contact or staff member, admins and managers now have the option to specify "This user is a guest."
- Guest users can only log in using a Temporary Access Pass (TAP).
- While an email address is required to create a guest user, guest users will not receive any email notifications from Mojo.
- They cannot authenticate using a password or other authentication methods (Google, Azure…).
Using a Temporary Access Pass
A user can use TAP for authentication in scenarios such as:
- Lost authentication method: If a user loses access to their 2FA device or password, a TAP allows them to sign in and reset their credentials.
- Temporary worker access: A TAP can be issued to factory workers or contractors who need access only for specific shifts or time periods.
Signing in with TAP
- Open the TAP login page
{{yourHelpdesk}}/login/tap
and enter the username. - Enter the TAP provided by the admin.
- Proceed to update or register a new authentication method if necessary.
Limitations
- TAP does not replace passwords permanently; it only grants temporary access.
- TAP cannot be used for API authentication.
- Users who are required to register MFA methods may be prompted to do so after signing in with a TAP.
Troubleshooting
If TAP is not working for a user:
- Check that the TAP has not expired.
- Confirm that a one-time-use TAP has not already been used.
By leveraging TAP in Mojo Helpdesk, organizations can provide secure and flexible access solutions for both recovery and temporary user authentication.