APTrust · mjiori · Sep 17, 2025 · Mar 18, 2026 · Apr 6, 2026 · Apr 6, 2026
diff --git a/.env.dev b/.env.dev
@@ -96,14 +96,6 @@ SNS_ENDPOINT=""
 AWS_SNS_USER=""
 AWS_SNS_PWD=""
 
-
-# If you have valid Authy keys, set this to true.
-# You'll need to set the following env variable:
-#
-# AUTHY_API_KEY=<your key>
-#
-ENABLE_TWO_FACTOR_AUTHY=false
-
 # How long should one-time passwords sent via text/SMS last?
 # Use Go duration format. Examples:
 # "60s" = 60 seconds

diff --git a/.env.docker b/.env.docker
@@ -13,7 +13,6 @@
 # See Parameter Store for a description of each variable.
 # --------------------------------------------------------------------------
 # 
-# AUTHY_API_KEY
 # AWS_SES_PWD
 # AWS_SES_USER
 # AWS_SNS_USER
@@ -33,7 +32,6 @@
 # EMAIL_ENABLED
 # EMAIL_FROM_ADDRESS
 # EMAIL_SERVICE_TYPE
-# ENABLE_TWO_FACTOR_AUTHY
 # ENABLE_TWO_FACTOR_SMS
 # FLASH_COOKIE_NAME
 # HTTPS_COOKIES

diff --git a/.env.integration b/.env.integration
@@ -96,15 +96,6 @@ SNS_ENDPOINT=""
 AWS_SNS_USER=""
 AWS_SNS_PWD=""
 
-
-
-# If you have valid Authy keys, set this to true.
-# You'll need to set the following env variable:
-#
-# AUTHY_API_KEY=<your key>
-#
-ENABLE_TWO_FACTOR_AUTHY=false
-
 # How long should one-time passwords sent via text/SMS last?
 # Use Go duration format. Examples:
 # "60s" = 60 seconds

diff --git a/.env.test b/.env.test
@@ -97,14 +97,6 @@ SNS_ENDPOINT=""
 AWS_SNS_USER=""
 AWS_SNS_PWD=""
 
-
-# If you have valid Authy keys, set this to true.
-# You'll need to set the following env variable:
-#
-# AUTHY_API_KEY=<your key>
-#
-ENABLE_TWO_FACTOR_AUTHY=false
-
 # How long should one-time passwords sent via text/SMS last?
 # Use Go duration format. Examples:
 # "60s" = 60 seconds

diff --git a/.env.travis b/.env.travis
@@ -96,14 +96,6 @@ SNS_ENDPOINT=""
 AWS_SNS_USER=""
 AWS_SNS_PWD=""
 
-
-# If you have valid Authy keys, set this to true.
-# You'll need to set the following env variable:
-#
-# AUTHY_API_KEY=<your key>
-#
-ENABLE_TWO_FACTOR_AUTHY=false
-
 # How long should one-time passwords sent via text/SMS last?
 # Use Go duration format. Examples:
 # "60s" = 60 seconds

diff --git a/Dockerfile b/Dockerfile
@@ -50,9 +50,6 @@ ENV AWS_REGION=us-east-1
 
 ENV ENABLE_TWO_FACTOR_SMS=true
 
-ENV ENABLE_TWO_FACTOR_AUTHY=true
-ENV AUTHY_API_KEY=<yourkey>
-
 ENV OTP_EXPIRATION="15m"
 
 ENV EMAIL_ENABLED=false

diff --git a/Dockerfile.multi b/Dockerfile.multi
@@ -62,9 +62,6 @@ ENV AWS_REGION=us-east-1
 
 ENV ENABLE_TWO_FACTOR_SMS=true
 
-ENV ENABLE_TWO_FACTOR_AUTHY=true
-ENV AUTHY_API_KEY=<yourkey>
-
 ENV OTP_EXPIRATION="15m"
 
 ENV EMAIL_ENABLED=false

diff --git a/README.md b/README.md
@@ -37,7 +37,7 @@ Right-click each of the NSQ binaries, then hold the Shift key and select Open fr
 
 ## Requirements for Two Factor Authentication
 
-As a developer, you generally won't need to send Authy or SMS messages for two-factor authentication. If you're running this in a demo or production environment, you will.
+As a developer, you generally won't need to send SMS messages for two-factor authentication. If you're running this in a demo or production environment, you will.
 
 The AWS SNS library, which sends two-factor auth codes via text/SMS, requires the following config files:
 
@@ -166,17 +166,16 @@ You can call `testutil.InitHTTPTests()` before any HTTP tests to ensure HTTP tes
 
 # External Services
 
-If you want to send two-factor OTP codes through SMS, or two-factor Authy push notifications, or password reset emails, you'll need to enable these in the .env (or .env.test) file. Set the following:
+If you want to send two-factor OTP codes through SMS, or password reset emails, you'll need to enable these in the .env (or .env.test) file. Set the following:
 
 ```
 ENABLE_TWO_FACTOR_SMS=true
-ENABLE_TWO_FACTOR_AUTHY=true
 EMAIL_ENABLED=true
 ```
 
 If these services are causing problems on your dev machine, you can turn them off by changing the settings to `false`. You can still log in with two-factor authentication when these services are turned off locally. The registry will print the OTP to the terminal console during development. You can cut and paste the OTP code from there.
 
-You'll have to manually set a test user's phone number and/or Authy ID to send OTP messages successfully.
+You'll have to manually set a test user's phone number to send OTP messages successfully.
 
 ## AWS Environment Variables
 
@@ -188,9 +187,6 @@ AWS_SECRET_ACCESS_KEY=<your secret key>
 AWS_REGION="us-east-1"
 ```
 
-## Authy Environment Variables
-
-To use Authy for OTP, set the `AUTHY_API_KEY` environment variable.
 
 # Notes on Routes
 
@@ -225,7 +221,7 @@ Routes excepted from auth checks include:
 
 The "forgot password" and "password reset" pages both use a secure token in the query string to identify the user.
 
-The authentication middleware also hijacks all requests in cases where a user must complete registration activities. For example, if a user needs to reset their password, confirm an Authy account, or provide the second factor for multi-factor auth, the middleware will not let them past the reset/confirmation/token page until they've provided the required info.
+The authentication middleware also hijacks all requests in cases where a user must complete registration activities. For example, if a user needs to reset their password or provide the second factor for multi-factor auth, the middleware will not let them past the reset/confirmation/token page until they've provided the required info.
 
 # Notes on JSON Serialization
 

diff --git a/app/application.go b/app/application.go
@@ -260,7 +260,6 @@ func initRoutes(router *gin.Engine) {
 		webRoutes.GET("/users/2fa_backup", webui.UserTwoFactorBackup)
 		webRoutes.GET("/users/2fa_choose", webui.UserTwoFactorChoose)
 		webRoutes.POST("/users/2fa_sms", webui.UserTwoFactorGenerateSMS)
-		webRoutes.POST("/users/2fa_push", webui.UserTwoFactorPush)
 		webRoutes.POST("/users/2fa_verify", webui.UserTwoFactorVerify)
 
 		// User forgot password

diff --git a/cfn/cfn-registry-cluster.tmpl b/cfn/cfn-registry-cluster.tmpl
@@ -206,8 +206,6 @@ Resources:
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/APT_ENV'
         - Name: LOG_DIR
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/LOG_DIR'
-        - Name: AUTHY_API_KEY
-          ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/AUTHY_API_KEY'
         - Name: AWS_ACCESS_KEY_ID
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/AWS_ACCESS_KEY_ID'
         - Name: AWS_REGION
@@ -242,8 +240,6 @@ Resources:
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/EMAIL_ENABLED'
         - Name: EMAIL_FROM_ADDRESS
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/EMAIL_FROM_ADDRESS'
-        - Name: ENABLE_TWO_FACTOR_AUTHY
-          ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/ENABLE_TWO_FACTOR_AUTHY'
         - Name: ENABLE_TWO_FACTOR_SMS
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/ENABLE_TWO_FACTOR_SMS'
         - Name: FLASH_COOKIE_NAME

diff --git a/cfn/cfn-registry-cluster.yml b/cfn/cfn-registry-cluster.yml
@@ -210,8 +210,6 @@ Resources:
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/APT_ENV'
         - Name: LOG_DIR
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/LOG_DIR'
-        - Name: AUTHY_API_KEY
-          ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/AUTHY_API_KEY'
         - Name: AWS_ACCESS_KEY_ID
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/AWS_ACCESS_KEY_ID'
         - Name: AWS_REGION
@@ -246,8 +244,6 @@ Resources:
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/EMAIL_ENABLED'
         - Name: EMAIL_FROM_ADDRESS
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/EMAIL_FROM_ADDRESS'
-        - Name: ENABLE_TWO_FACTOR_AUTHY
-          ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/ENABLE_TWO_FACTOR_AUTHY'
         - Name: ENABLE_TWO_FACTOR_SMS
           ValueFrom: !Sub 'arn:aws:ssm:us-east-1:997427182289:parameter/${Envn}/REGISTRY/ENABLE_TWO_FACTOR_SMS'
         - Name: FLASH_COOKIE_NAME

diff --git a/common/config.go b/common/config.go
@@ -61,14 +61,12 @@ type LoggingConfig struct {
 }
 
 // TwoFactorConfig contains info for sending push messages
-// through Authy and SMS text messages through AWS SNS.
+// through SMS text messages through AWS SNS.
 // If SNSEndpoint is empty, we'll use the default public
 // SNS endpoint for the specified region. If non-empty,
 // we'll use the explicit SNSEndpoint. Should be non-empty
 // if we're on a private subnet without a NAT gateway.
 type TwoFactorConfig struct {
-	AuthyEnabled  bool
-	AuthyAPIKey   string
 	AWSRegion     string
 	SMSEnabled    bool
 	OTPExpiration time.Duration
@@ -276,8 +274,6 @@ func loadConfig() *Config {
 		EmailServiceType: emailServiceType,
 		MaintenanceMode:  v.GetBool("MAINTENANCE_MODE"),
 		TwoFactor: &TwoFactorConfig{
-			AuthyAPIKey:   v.GetString("AUTHY_API_KEY"),
-			AuthyEnabled:  v.GetBool("ENABLE_TWO_FACTOR_AUTHY"),
 			AWSRegion:     v.GetString("AWS_REGION"),
 			SMSEnabled:    v.GetBool("ENABLE_TWO_FACTOR_SMS"),
 			OTPExpiration: v.GetDuration("OTP_EXPIRATION"),
@@ -385,7 +381,6 @@ func (config *Config) ToJSON() (string, error) {
 	copyOfConfig.Email.SesUser = maskString(config.Email.SesUser)
 	copyOfConfig.Email.SesPassword = maskString(config.Email.SesPassword)
 	copyOfConfig.Redis.Password = maskString(config.Redis.Password)
-	copyOfConfig.TwoFactor.AuthyAPIKey = maskString(config.TwoFactor.AuthyAPIKey)
 	copyOfConfig.TwoFactor.SNSUser = maskString(config.TwoFactor.SNSUser)
 	copyOfConfig.TwoFactor.SNSPassword = maskString(config.TwoFactor.SNSPassword)
 

diff --git a/common/config_test.go b/common/config_test.go
@@ -61,7 +61,6 @@ func TestNewConfig(t *testing.T) {
 	config.Email.SesUser = "mask-me-sesuser"
 	config.Email.SesPassword = "mask-me-pwd-ses"
 	config.Redis.Password = "mask-me-pwd-redis"
-	config.TwoFactor.AuthyAPIKey = "mask-me-authy"
 	config.TwoFactor.SNSUser = "user-1234"
 	config.TwoFactor.SNSPassword = "password-5678"
 	config.TwoFactor.SNSEndpoint = "sns.example.com:886"
@@ -177,8 +176,6 @@ var expectedConfigJson = `{
   },
   "NsqUrl": "http://localhost:4151",
   "TwoFactor": {
-    "AuthyEnabled": false,
-    "AuthyAPIKey": "****thy",
     "AWSRegion": "",
     "SMSEnabled": false,
     "OTPExpiration": 900000000000,

diff --git a/common/context.go b/common/context.go
@@ -24,10 +24,6 @@ type APTContext struct {
 	// Log is our logger.
 	Log zerolog.Logger
 
-	// AuthyClient sends push notifications to users who have enabled
-	// two-factor auth via push.
-	AuthyClient network.AuthyClientInterface
-
 	// NSQClient lets registry queue work items for preservation services
 	// and lets us view NSQ admin stats.
 	NSQClient *network.NSQClient
@@ -85,7 +81,6 @@ func Context() *APTContext {
 			Config:      config,
 			DB:          db,
 			Log:         zlogger,
-			AuthyClient: network.NewAuthyClient(config.TwoFactor.AuthyEnabled, config.TwoFactor.AuthyAPIKey, zlogger),
 			NSQClient:   network.NewNSQClient(config.NsqUrl, zlogger),
 			SESClient:   network.NewSESClient(config.Email.Enabled, config.TwoFactor.AWSRegion, config.Email.SesEndpoint, config.Email.SesUser, config.Email.SesPassword, config.Email.FromAddress, zlogger),
 			SNSClient:   network.NewSNSClient(config.TwoFactor.SMSEnabled, config.TwoFactor.AWSRegion, config.TwoFactor.SNSEndpoint, config.TwoFactor.SNSUser, config.TwoFactor.SNSPassword, zlogger),

diff --git a/common/context_test.go b/common/context_test.go
@@ -14,7 +14,6 @@ func TestAPTContext(t *testing.T) {
 	require.NotNil(t, ctx.Config)
 	require.NotNil(t, ctx.DB)
 	require.NotNil(t, ctx.Log)
-	require.NotNil(t, ctx.AuthyClient)
 	require.NotNil(t, ctx.NSQClient)
 	assert.NotEmpty(t, ctx.NSQClient.URL)
 	require.NotNil(t, ctx.SNSClient)

diff --git a/common/errors.go b/common/errors.go
@@ -87,14 +87,6 @@ var ErrCrossOriginReferer = errors.New("csrf error: cross origin request forbidd
 // does not meet minimum requirements.
 var ErrPasswordReqs = errors.New("password does not meet minimum requirements")
 
-// ErrAlreadyHasAuthyID occurs when we try to register a user with Authy
-// and they already have an Authy ID.
-var ErrAlreadyHasAuthyID = errors.New("user is already registered with authy")
-
-// ErrNoAuthyID occurs when a user requests two-factor login via Authy
-// but does not have an Authy ID.
-var ErrNoAuthyID = errors.New("user does not have an authy id")
-
 // ErrWrongAPI occurs when a non-admin user tries to access the admin API.
 // While the member and admin APIs share some common handlers, and members
 // do technically have access to a number of read-only operations in both

diff --git a/constants/constants.go b/constants/constants.go
@@ -84,7 +84,6 @@ const (
 	RoleInstUser               = "institutional_user"
 	RoleNone                   = "none"
 	RoleSysAdmin               = "admin"
-	SecondFactorAuthy          = "Authy"
 	SecondFactorBackupCode     = "Backup Code"
 	SecondFactorSMS            = "SMS"
 	StageAvailableInS3         = "Available in S3"
@@ -132,7 +131,6 @@ const (
 	TopicFixity                = "fixity_check"
 	TopicGlacierRestore        = "restore_glacier"
 	TopicObjectRestore         = "restore_object"
-	TwoFactorAuthy             = "onetouch"
 	TwoFactorNone              = "none"
 	TwoFactorSMS               = "sms"
 )
@@ -230,7 +228,6 @@ var Roles = []string{
 }
 
 var SecondFactorTypes = []string{
-	SecondFactorAuthy,
 	SecondFactorBackupCode,
 	SecondFactorSMS,
 }

diff --git a/db/fixtures/users.csv b/db/fixtures/users.csv
@@ -1,10 +1,10 @@
-id,name,email,phone_number,created_at,updated_at,encrypted_password,reset_password_token,reset_password_sent_at,remember_created_at,sign_in_count,current_sign_in_at,last_sign_in_at,current_sign_in_ip,last_sign_in_ip,institution_id,encrypted_api_secret_key,password_changed_at,encrypted_otp_secret,encrypted_otp_secret_iv,encrypted_otp_secret_salt,encrypted_otp_sent_at,consumed_timestep,otp_required_for_login,deactivated_at,enabled_two_factor,confirmed_two_factor,otp_backup_codes,authy_id,last_sign_in_with_authy,authy_status,email_verified,initial_password_updated,force_password_update,account_confirmed,grace_period,awaiting_second_factor,role
-4,Inactive User,inactive@inst1.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,1/15/21 13:49,FALSE,FALSE,"{code1,code2,code3}",,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,none
-5,Inst Two Admin,admin@inst2.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,3,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_admin
-7,Inst Two User,user@inst2.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,3,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_user
-2,Inst One Admin,admin@inst1.edu,14345551212,1/12/21 17:14,9/10/21 14:22,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,institutional_admin
-3,Inst One User,user@inst1.edu,14345551212,1/12/21 17:14,9/10/21 14:22,$2a$10$raEJqJ7eRcEwWmeoiJ2vxenR8dqVXCI1SU9zcgkrxeS.6/haWGi4K,,,,1,9/10/21 14:22,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,institutional_user
-1,APTrust System,system@aptrust.org,14345551212,1/12/21 17:14,9/10/21 14:24,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,1,9/10/21 14:24,,127.0.0.1,,1,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,admin
-6,Two Factor SMS User,sms_user@example.com,12125551212,9/10/21 14:25,9/10/21 14:25,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,,,,,,,,TRUE,,,,,,,,,,TRUE,TRUE,11/9/21 5:00,FALSE,institutional_user
-8,Test.edu Admin,admin@test.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,4,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_admin
-9,Test.edu User,user@test.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,4,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_user
+id,name,email,phone_number,created_at,updated_at,encrypted_password,reset_password_token,reset_password_sent_at,remember_created_at,sign_in_count,current_sign_in_at,last_sign_in_at,current_sign_in_ip,last_sign_in_ip,institution_id,encrypted_api_secret_key,password_changed_at,encrypted_otp_secret,encrypted_otp_secret_iv,encrypted_otp_secret_salt,encrypted_otp_sent_at,consumed_timestep,otp_required_for_login,deactivated_at,enabled_two_factor,confirmed_two_factor,otp_backup_codes,email_verified,initial_password_updated,force_password_update,account_confirmed,grace_period,awaiting_second_factor,role,mfa_status
+4,Inactive User,inactive@inst1.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,1/15/21 13:49,FALSE,FALSE,"{code1,code2,code3}",TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,none,
+5,Inst Two Admin,admin@inst2.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,3,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_admin,
+7,Inst Two User,user@inst2.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,3,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_user,
+2,Inst One Admin,admin@inst1.edu,14345551212,1/12/21 17:14,9/10/21 14:22,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,institutional_admin,
+3,Inst One User,user@inst1.edu,14345551212,1/12/21 17:14,9/10/21 14:22,$2a$10$raEJqJ7eRcEwWmeoiJ2vxenR8dqVXCI1SU9zcgkrxeS.6/haWGi4K,,,,1,9/10/21 14:22,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,institutional_user,
+1,APTrust System,system@aptrust.org,14345551212,1/12/21 17:14,9/10/21 14:24,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,1,9/10/21 14:24,,127.0.0.1,,1,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,admin,
+6,Two Factor SMS User,sms_user@example.com,12125551212,9/10/21 14:25,9/10/21 14:25,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,,,,,,,,TRUE,,,,,,,TRUE,TRUE,11/9/21 5:00,FALSE,institutional_user,
+8,Test.edu Admin,admin@test.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,4,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_admin,
+9,Test.edu User,user@test.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,4,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_user,