Background
Prior to Authentication Server 4.2 the Authlogics Authenticator App was only able to register a device with a user account via an Offline QR code and the device did not require any connectivity. After the QR code was scanned by the user, the user also had to enter a Device ID from the phone into the Self Service Portal or Desktop Agent to complete the process as follows:
New functionality in Authentication Server 4.2
Authentication Server 4.2 will show previously registered Offline devices in the MMC as "Offline QR code":
New Online registered devices will show a "Last sync" date and time as follows:
The Offline device registration method is unable to support Mobile Push authentication, as an online connection is required. A new Online Registration feature was added to Authentication Server 4.2 which is easier for a user to set up and allows for a persistent secure online connection between the phone and the Authentication Server. This connection can be used to remotely configure authentication types after a device is paired, as well as provide Push authentication capabilities.
Authentication Server 4.2 supports both online and offline registration, but not at the same time. It is recommended to use Online Registration where possible, unless connectivity is not permitted.
Changing the Authentication Server Settings
When upgrading from an older version of Authentication Server, Offline registration will still be used until explicitly changed. To switch to Online Registration, tick the "Enable Online Device access" box on the "Authenticator App" tab in Global Settings as follows:
Note: To apply the changes immediately to the Self Service Portal, run IISRESET from an admin command prompt.
Managing Online Devices
Adding a new device
Once Online Registration is enabled, when a user adds a device to their account they will see a high-resolution QR code which will configure the Authlogics Authenticator App to use Online Registration. Furthermore, the user will NOT have to enter a Device ID from the phone anymore - this is now automatic.
- Waiting for phone to scan the QR code:
- After the phone has scanned the QR code:
Updating an existing offline device
Switching the Authentication Server from Offline to Online registration only affects new devices. Existing Offline registered devices will remain offline until they are migrated to be online. To allow for an easier user migration, users can simply rescan a new QR code for their device to make it work Online. This avoids creating new profiles in the Authlogics Authenticator App and also prevents the need to remove the old device and add a new one from scratch.
- From the Self Service Portal the user simply ticks the device they want to update, then clicks the "Rescan Device" button.
- The user is given instructions to scan a QR code in the Authlogics Authenticator App and click Next.
- The QR code is displayed for the user to scan.
- Once the user has scanned the QR code the device registration will be switched from Offline to Online.
Note: The previous Authlogics Authenticator App profile will be migrated to a new Online profile where the settings can be controlled from the Authentication Server.
Enable Mobile Push for multiple users
One user at a time
Users can be enabled for Mobile Push one at a time from the user property "Push" tab by ticking the "Enable Mobile Push Authentication" box.
Multiple users at once
To bulk enable users for Mobile Push simply:
- Select all the users you want to enable for Mobile Push and click "User Account Management" on the right.
- Run through the wizard up to the Mobile Push Authentication screen. Ensure that "Enable Mobile Push Authentication" is ticked. It is also recommended that "Require Biometric Seed" is enabled for additional security.
- Complete the wizard to apply the changes to all the selected accounts.
In order for a user to use Mobile Push MFA, the user must be enabled for Mobile Push and have an Online registered device.