There are two ways to set up tokens for offline MFA: download tokens automatically or create tokens manually.

If you are using the SafeID Token Service (STS) to manage your tokens, then your Entra ID domain users will be able to download offline token automatically from STS.

To enable token download from the SafeID Token Service, edit the "config.json" file and add the line below to the file
"mfa_service_endpoint": "http://mfa.safeid.io/api/clo"

When users sign in to computers using their Entra ID domain accounts, their tokens will be automatically downloaded to the computers. 

Otherwise, your users will have to manually create tokens for offline MFA

To manually create a token for offline login and other operations on a PC, the user must follow the steps below

First, log in to the PC while the PC is online, using the user's domain account

Launch a web browser, and navigate to the user console at http://localhost:12845/localTokens 

Click the "CREATE TOKEN" button

Enter a name for your token, such as your user name

Click the "SAVE" button to save the token

Now, you need to install the token on to your mobile phone

Click the context menu icon of the newly created token, and select "QR Code" from the menu

You can use your TOTP authenticator app, such as Microsoft Authenticator or SafeID Authenticator, to scan the QR code.

After the token has been installed on to your phone, you should test it.

Click the context menu of the token again, and select "Test"







  • No labels