Configuring Temporary Access Pass (TAP) in Mojo Helpdesk

Overview

Temporary Access Pass (TAP) is a time-limited passcode that allows users to authenticate without needing their usual credentials. This feature is particularly useful in scenarios where a user has lost access to their authentication methods (e.g., lost phone or password). And also for providing controlled, time-limited access to temporary workers, external contractors, or one-time support users without the need to manage persistent credentials.

Enabling Temporary Access Pass (TAP)

To enable TAP for your organization, follow these steps:

  1. Sign in to the Helpdesk.
  2. Navigate to Admin → Account > Security.
  3. Under the Authentication Methods section, select the link for Temporary Access Pass.
  4. In the TAP settings page, toggle Enable Temporary Access Pass to "On".
  5. Configure the TAP policy settings (described below).
  6. Click Save to apply changes.

Configuring TAP Policy Settings

Admins can configure the following parameters for TAP in the same Temporary Access Pass settings page:

Once configured, all generated TAPs will follow the specified policy.

Creating a Temporary Access Pass for a User

After enabling TAP, admins can generate a TAP for a user:

  1. Sign in to the Helpdesk.
  2. Navigate to Users and go to the desired user's admin profile page.
  3. Under authentication tab, look for Temporary Access Pass section.
  4. Click add pass.
  5. Select a user and specify:
    • Start time (optional)
    • Duration (must follow policy settings)
    • Whether the TAP should be one-time use
  6. Click add.
  7. Copy and securely share the TAP with the user. Note: The TAP cannot be viewed again after closing this window.

From the same place you can delete a TAP. Expired passes will be automatically deleted after 30 days.

Guest Users and Temporary Access Pass

When creating a new contact or staff member, admins and managers now have the option to specify "This user is a guest."

  • Guest users can only log in using a Temporary Access Pass (TAP).
  • While an email address is required to create a guest user, guest users will not receive any email notifications from Mojo.
  • They cannot authenticate using a password or other authentication methods (Google, Azure…).

Using a Temporary Access Pass

A user can use TAP for authentication in scenarios such as:

  • Lost authentication method: If a user loses access to their 2FA device or password, a TAP allows them to sign in and reset their credentials.
  • Temporary worker access: A TAP can be issued to factory workers or contractors who need access only for specific shifts or time periods.

Signing in with TAP

  1. Open the TAP login page {{yourHelpdesk}}/login/tap and enter the username.
  2. Enter the TAP provided by the admin.
  3. Proceed to update or register a new authentication method if necessary.

Limitations

  • TAP does not replace passwords permanently; it only grants temporary access.
  • TAP cannot be used for API authentication.
  • Users who are required to register MFA methods may be prompted to do so after signing in with a TAP.

Troubleshooting

If TAP is not working for a user:

  • Check that the TAP has not expired.
  • Confirm that a one-time-use TAP has not already been used.

By leveraging TAP in Mojo Helpdesk, organizations can provide secure and flexible access solutions for both recovery and temporary user authentication.