1. Cytracom
  2. Unity
  3. Unity KBs

Set up Two Factor Authentication (TOTP)

Dylan Carroll
Published Updated

Overview

Enable two-factor authentication (2FA) for your Unity account so that signing in requires your password plus a time-based code from an authenticator app. This keeps your account more secure and is required to sign in to Unity (including the ControlOne Agent).

Use Case: First-time 2FA setup so you can sign in to Unity and the ControlOne Agent. You complete setup during the sign-in flow when prompted for a verification code.

Who Should Use This: Unity users who need to enable 2FA for the first time or who are signing in and are at the TOTP (authenticator app) step.

Understanding authentication apps and logging into Unity

  • What an authentication app is: An app on your phone or device (e.g., Google Authenticator, Microsoft Authenticator, Authy) that generates short-lived, one-time codes. Unity uses these codes as the second factor when you sign in.
  • Role in login: When you sign in to Unity, after you enter your email and password you are asked for a code. You open your authenticator app, get the current code for Unity/ControlOne, and enter it in the browser. That proves you have access to the device where the app is installed.
  • Why use one: Unity requires 2FA for sign-in. TOTP (Time-based One-Time Password) via an authenticator app is the only form of two-factor authentication supported at this time. Unity does not use SMS or email codes for 2FA.

Before you start: Install an authenticator app on your phone or device if you don’t have one (e.g., Google Authenticator, Microsoft Authenticator, or Authy). Have it ready when you reach the TOTP step during sign-in.

Prerequisites

  • [ ] Valid Unity/ControlOne account (email and password)
  • [ ] An authenticator application installed on your phone or device (e.g., Google Authenticator, Microsoft Authenticator, Authy)
  • [ ] ControlOne Agent installed if you are signing in from the agent (menu bar app)
  • [ ] Default or supported browser available (sign-in and 2FA setup complete in the browser)

How to set up Two Factor Authentication

Step 1: Open the ControlOne Agent from the menu bar to sign in

Click the ControlOne Agent icon in your system menu bar (macOS menu bar or Windows system tray) to open the agent and start sign-in.

Where to find it: The ControlOne Agent icon in the menu bar or system tray.

What you'll see: The agent window or sign-in screen opens, prompting you to sign in.

Step 2: Enter your email and click Next

Type your Unity/ControlOne account email in the email field, then click Next to continue signing in.

Where to find it: The sign-in screen that opened from the ControlOne Agent.

What you'll see: The flow advances; you may be directed to continue in your browser.

Step 3: Select Continue in your browser and complete sign-in to the TOTP step

When your browser opens, click Continue to proceed. Enter your password when prompted. Continue until you reach the two-factor authentication (TOTP) step.

Where to find it: The browser window or tab that opened for Unity/ControlOne sign-in.

What you'll see: Password field, then a 2FA/TOTP screen. If you are setting up 2FA for the first time, you will see a QR code or a setup key.

Step 4: Set up your authenticator app (first-time setup only)

If this is your first time setting up 2FA, open your authenticator app and add a new account. Scan the QR code shown in the browser with the app, or enter the setup key manually if offered. The app will then show a six-digit code that changes every 30 seconds.

Where to find it: The TOTP/2FA screen in the browser after you enter your password.

What you'll see: A QR code and/or a secret key. After adding the account in your app, a time-based code appears in the app.

Step 5: Enter the code from your authenticator app

In the browser, enter the current six-digit code from your authenticator app in the verification code field, then submit (e.g., click Verify or Continue).

Where to find it: The same 2FA/TOTP screen in the browser.

What you'll see: After entering a valid code, sign-in completes and you may be prompted to open or return to the ControlOne Agent.

Step 6: Approve the prompt to open ControlOne Agent

When prompted, approve opening or returning to the ControlOne Agent so it can complete the connection.

Where to find it: The browser prompt or dialog asking to open the ControlOne Agent application.

What you'll see: The ControlOne Agent opens or comes to the foreground and is connected to your Unity account.

Expected Result

Two-factor authentication is set up for your Unity account (if it was your first time), and you are signed in. The ControlOne Agent is connected to your Unity account and you can use Unity from the agent.

You'll know it worked when: You are no longer asked to set up 2FA during this flow (for first-time setup), the browser shows successful sign-in, and the ControlOne Agent shows you as signed in and connected.

Troubleshooting

Issue: I don’t log in successfully or I see “account pending”

Solution: Your account may not be assigned to the correct zone or may not have the roles required to sign in or use the agent. Ask your ControlOne administrator to confirm that you are assigned to the correct zone and have the correct roles (including any roles required for agent access). Until your zone and roles are correct, sign-in or agent connection can fail or show as pending.

Issue: I don’t see a QR code or 2FA setup screen

Solution: You may already have 2FA set up. Use your existing authenticator app and enter the current code when prompted. If you no longer have access to that device or app, ask your administrator to reset 2FA for your user so you can set it up again on your next login.

Issue: The code from my authenticator app is not accepted

Solution: TOTP codes are time-based and expire quickly. Use the code currently shown in the app (don’t use one that was visible a minute ago). Ensure the time on your phone or device is correct (authenticator apps rely on device time). If it still fails, wait for the next code and try again.

Additional Information

  • TOTP only: TOTP (authenticator app) is the only form of two-factor authentication supported for Unity at this time. SMS and email codes are not used for 2FA.
  • Authenticator app: Keep your authenticator app installed and available whenever you sign in to Unity or the ControlOne Agent. If you lose access to the app or device, an administrator must reset 2FA for your account before you can sign in again.
  • Zone and roles: If sign-in fails or you see “account pending,” your administrator must verify your zone assignment and roles—similar to the requirements for connecting the ControlOne Agent.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful