Migrating from Offline to Online Device Registration for Mobile Push MFA

Background

In versions of the Authentication Server earlier than 4.2, the Authlogics Authenticator App could register a device with a user account only via an Offline QR code, and the device did not require any connectivity. After scanning the QR code, the user had to enter a Device ID from the phone into the Self Service Portal or Desktop Agent to complete the process as follows:

New functionality in Authentication Server 4.2

Authentication Server 4.2 shows devices previously registered offline in the MMC as Offline QR code:

New devices registered online show a Last sync date and time as follows:

The offline device registration method is unable to support Mobile Push authentication as that requires an online connection. The Online Registration feature was added to Authentication Server 4.2; this is easier for users to set up, and allows for a persistent secure online connection between the phone and the Authentication Server. This connection can be used to remotely configure authentication types after a device is paired, as well as provide Push authentication capabilities.

Authentication Server 4.2 supports both online and offline registration, but not at the same time. You are recommended to use online registration where possible, unless connectivity is not permitted.

Changing the Authentication Server Settings

When upgrading from an older version of Authentication Server, offline registration is still used until explicitly changed. To switch to Online Registration, enable the Enable Online Device access setting on the Authenticator App tab in Global Settings as follows:

Note: To apply the changes immediately to the Self Service Portal, run IISRESET from an admin command prompt.

Managing Online Devices

Adding a new device

Once online registration is enabled, a user who adds a device to their account sees a high-resolution QR code that configures the Authlogics Authenticator App to use Online Registration. Furthermore, the user no longer has to enter a Device ID from the phone; this is now automatic.

  • Waiting for phone to scan the QR code:

  • After the phone has scanned the QR code:

Updating an existing offline device

Switching the Authentication Server from offline to online registration only affects new devices. Existing Offline registered devices remain offline until they are migrated to be online. To allow for an easier user migration, users can rescan a new QR code for their device to make it work online. This avoids creating new profiles in the Authlogics Authenticator App and prevents you from having to remove the old device and add a new one from scratch.

  1. From the Self Service Portal, select the device you want to update.
  2. Click Rescan Device.
  3. Follow the instructions on how to scan a QR code in the Authlogics Authenticator App and click Next.

    The QR code is displayed.

  4. Scan the QR code.
    The device registration is switched from Offline to Online.
    Note: The previous Authlogics Authenticator App profile will be migrated to a new Online profile where the settings can be controlled from the Authentication Server.

 

Enable Mobile Push for multiple users

One user at a time

Users can be enabled for Mobile Push one at a time from the user property Push tab by enabling the Enable Mobile Push Authentication setting.

Multiple users at once

To bulk enable users for Mobile Push:

  1. Select all the users you want to enable for Mobile Push and click "User Account Management" on the right.
  2. Run through the wizard up to the Mobile Push Authentication screen. Ensure that Enable Mobile Push Authentication is enabled. For additional security, you are recommended to also enable Require Biometric Seed.

  3. Complete the wizard to apply the changes to all the selected accounts.

A user can only use Mobile Push MFA if they are enabled for Mobile Push and have an Online registered device.

 
