Configuring Temporary Access Pass (TAP)
Temporary Access Pass (TAP) is a time-limited passcode that allows users to authenticate without needing their usual credentials.
Use cases
A user can use TAP for authentication in scenarios such as:
- Lost authentication method: If a user loses access to their 2FA device or password, a TAP allows them to sign in and reset their credentials.
- Temporary worker access: A TAP can be issued to contractors, or factory workers who need access only for specific shifts or time periods.
Enabling Temporary Access Pass (TAP)
Agents must have an admin role to enable TAP.
- Click on the waffle icon on the upper right corner
- Select Account administration
- Navigate to
Account > Security
- Under
Authentication methods
, select the link forTemporary Access Pass
- In the TAP settings page, toggle
Enable Temporary Access Pass
to “On” - Configure the TAP policy settings (described below)
- Click
save
to apply changes
Configuring TAP policy settings
Admins can configure the following parameters for TAP in the same Temporary Access Pass settings page:
Once configured, all generated TAPs will follow the specified policy.
Creating a Temporary Access Pass for a user
After enabling TAP, admins can generate a TAP for a user:
- Go to the user's profile
- If the the user is an agent, navigate to
Agents & teams > Agent list
- If the the user is a contact, navigate to
Contacts > Contact list
- If the the user is an agent, navigate to
- Under
authentication
tab, look forTemporary Access Pass
- Select
+ add pass
- Specify:
- Start time of the TAP (optional)
- Duration (must follow policy settings)
- Whether the TAP should be one-time use
- Click
add
- Copy and securely share the TAP with the user
- Important: The TAP cannot be viewed again after closing this window.
The TAP can also delete from this section. Expired passes will be automatically deleted after 30 days.
Guest Users and Temporary Access Pass
When creating a new contact or staff member, admins and managers have the option to specify This user is a guest
.
- Guest users can only log in using a Temporary Access Pass (TAP).
- While an email address is required to create a guest user, guest users will not receive any email notifications from Mojo.
- They cannot authenticate using a password or other authentication methods (Google, Azure…).
Signing in with TAP
- Open the TAP login page
{{yourHelpdesk}}/login/tap
and enter the username - Enter the TAP provided by the admin
- Proceed to update or register a new authentication method if necessary
Limitations
- TAP does not replace passwords permanently; it only grants temporary access.
- TAP cannot be used for API authentication.
- Users who are required to register MFA methods may be prompted to do so after signing in with a TAP.
Troubleshooting
If TAP is not working for a user:
- Check that the TAP has not expired.
- Confirm that a one-time-use TAP has not already been used.
By leveraging TAP in Mojo Helpdesk, organizations can provide secure and flexible access solutions for both recovery and temporary user authentication.