Configuring Temporary Access Pass (TAP)

Temporary Access Pass (TAP) is a time-limited passcode that allows users to authenticate without needing their usual credentials.

Use cases

A user can use TAP for authentication in scenarios such as:

  • Lost authentication method: If a user loses access to their 2FA device or password, a TAP allows them to sign in and reset their credentials.
  • Temporary worker access: A TAP can be issued to contractors, or factory workers who need access only for specific shifts or time periods.

Enabling Temporary Access Pass (TAP)

Agents must have an admin role to enable TAP.

  1. Click on the waffle icon on the upper right corner
  2. Select Account administration
  3. Navigate to Account > Security
  4. Under Authentication methods, select the link for Temporary Access Pass
  5. In the TAP settings page, toggle Enable Temporary Access Pass to “On”
  6. Configure the TAP policy settings (described below)
  7. Click save to apply changes

Configuring TAP policy settings

Admins can configure the following parameters for TAP in the same Temporary Access Pass settings page:

Once configured, all generated TAPs will follow the specified policy.

Creating a Temporary Access Pass for a user

After enabling TAP, admins can generate a TAP for a user:

  1. Go to the user's profile
    1. If the the user is an agent, navigate to Agents & teams > Agent list
    2. If the the user is a contact, navigate to Contacts > Contact list
  2. Under authentication tab, look for Temporary Access Pass
  3. Select + add pass
  4. Specify:
    • Start time of the TAP (optional)
    • Duration (must follow policy settings)
    • Whether the TAP should be one-time use
  5. Click add
  6. Copy and securely share the TAP with the user
    • Important: The TAP cannot be viewed again after closing this window.

The TAP can also delete from this section. Expired passes will be automatically deleted after 30 days.

Guest Users and Temporary Access Pass

When creating a new contact or staff member, admins and managers  have the option to specify This user is a guest.

  • Guest users can only log in using a Temporary Access Pass (TAP).
  • While an email address is required to create a guest user, guest users will not receive any email notifications from Mojo.
  • They cannot authenticate using a password or other authentication methods (Google, Azure…).

Signing in with TAP

  1. Open the TAP login page {{yourHelpdesk}}/login/tap and enter the username
  2. Enter the TAP provided by the admin
  3. Proceed to update or register a new authentication method if necessary

Limitations

  • TAP does not replace passwords permanently; it only grants temporary access.
  • TAP cannot be used for API authentication.
  • Users who are required to register MFA methods may be prompted to do so after signing in with a TAP.

Troubleshooting

If TAP is not working for a user:

  • Check that the TAP has not expired.
  • Confirm that a one-time-use TAP has not already been used.

By leveraging TAP in Mojo Helpdesk, organizations can provide secure and flexible access solutions for both recovery and temporary user authentication.