Skip to content

Sign in with two-factor

Sign-in begins with email and password. When policy or account configuration requires another factor, ScrinCloud creates a short-lived challenge and shows only the methods available for that challenge.

Typical time
2–5 minutes
You need
Password and an enrolled method
Outcome
An authenticated browser session
  1. Open Sign in.
  2. Enter Email address and Password.
  3. Choose Sign in once and wait for Signing in….
  4. If no second factor is required, wait for Signing you in to open the validated return destination.
  5. Use Forgot password? only when you cannot authenticate with the password.
  6. Choose Sign up only when you do not already have an account.

Sign-in 1 of 6 · Screenshot placeholder

Start password sign-in

Show Sign in, Email address, Password, Forgot password, Sign in, and Sign up.

Future capture briefUse a synthetic email and masked password. Hide URL parameters, password-manager data, browser storage, cookies, tokens, and customer names.

ScrinCloud either opens the intended public product destination or shows Verify sign-in / Set up 2FA. A loading transition is not proof of an authenticated session; the destination must load successfully.

  1. Confirm the masked Account is yours.
  2. Review the methods offered for this challenge:
    • Email code
    • Authenticator code or Authenticator app
    • Recovery code
    • Passkey or security key
  3. Prefer the method marked Preferred when you can use it.
  4. Choose Select.
  5. Choose Change method to return to the method list.

Only the backend decides which methods are available. Do not try to add a query parameter or reuse a challenge from another sign-in.

Sign-in 2 of 6 · Screenshot placeholder

Choose an available sign-in method

Show the masked account, method cards, Preferred or Phishing resistant badge, Select, and Cancel.

Future capture briefUse synthetic masked identity. Do not show challenge IDs, return paths, codes, authenticator setup material, or passkey payloads.
  1. Select Email code.
  2. Choose Send code if a code was not sent automatically.
  3. Enter the six-digit Verification code.
  4. When the timer finishes, choose Resend code only if necessary.
  5. Choose Verify and continue.
  1. Select Authenticator code.
  2. Open your enrolled authenticator app.
  3. Enter the current six-digit Authenticator code.
  4. Choose Verify and continue before the code changes.

Sign-in 3 of 6 · Screenshot placeholder

Verify a short-lived sign-in code

Show the selected method, empty code field, Send or Resend code where applicable, Change method, Cancel, and Verify and continue.

Future capture briefNever capture a real code, masked address tied to a person, authenticator screen, challenge ID, timer metadata, or session token.
  1. Select Recovery code only when normal methods are unavailable.
  2. Enter one unused Recovery code.
  3. Choose Use recovery code.
  4. After signing in, regenerate recovery codes and review your active methods.

A recovery code is a one-time secret. Using it consumes it. Never send it to support or store it in the ScrinCloud UI.

  1. Select Passkey or security key.
  2. Choose Verify and continue.
  3. Complete the browser or operating-system prompt with the expected device, synced passkey, biometric check, or hardware key.
  4. Cancel the browser prompt if the displayed account or device is unfamiliar.

ScrinCloud verifies the signed browser credential on the backend. The documentation never needs the credential payload.

Sign-in 4 of 6 · Screenshot placeholder

Start passkey verification

Show Use your passkey, Cancel, and Verify and continue before the browser credential prompt.

Future capture briefDo not capture the operating-system prompt, biometric data, credential identifier, challenge, origin data, QR handoff, or hardware-key details.

Complete required authenticator enrollment

Section titled “Complete required authenticator enrollment”

When policy requires enrollment, the page title is Set up 2FA.

  1. Select Authenticator app.
  2. Scan the Authenticator setup QR code with your app, or use Copy authenticator manual key privately.
  3. Enter the current Authenticator code.
  4. Choose Verify and continue.
  5. Save newly issued recovery codes privately after sign-in.

The QR code, manual key, and otpauth value are secrets. Never screenshot or share them.

Sign-in 5 of 6 · Screenshot placeholder

Understand required authenticator enrollment

Show Set up 2FA and the setup sections with the QR and manual key areas replaced by redacted blocks.

Future capture briefRedact the entire QR code, manual key, account label, otpauth value, authenticator code, challenge ID, and recovery codes.

Choose Cancel to send a challenge-cancellation request and return to Sign in. If the challenge already expired or was consumed, ScrinCloud still returns to sign-in only when that failure is safe. Start again rather than reusing the old page.

Sign-in 6 of 6 · Screenshot placeholder

Confirm the authenticated destination

Show a generic public dashboard heading after sign-in with no account menu open.

Future capture briefUse a synthetic tenant. Hide identity, notifications, projects, costs, sessions, URLs, tokens, cookies, and browser storage.

The sign-in step is missing or unavailable

Section titled “The sign-in step is missing or unavailable”

Return to Sign in and start again. Do not reconstruct challenge parameters.

Wait for the visible countdown. Repeated attempts can trigger rate limiting.

Confirm the correct account entry and device time. Use another offered method or verified recovery; never lower security settings to bypass the challenge.

Confirm the browser and device support passkeys, then retry once from a fresh sign-in. Use another offered method if available.

Stop guessing. Use your organization’s verified identity-recovery process.