i-mobile Multi-Factor Authentication




Contents

    Introduction
    i-mobile Multi-Factor Authentication
    i-mobile WAP MFA Enrollment
    i-mobile Application MFA Enrollment
    Error Conditions and Resolutions
        No Registered Email Address
        Too Many ClientUIDs
        Expired One-Time PIN
        Dropping the One-Time PIN
        Outstanding One-time PIN
    MFA Enrollment Flowchart

Introduction

This document describes how Multi-Factor Authentication works with Mobile Finance Manager clients and the end-user experience.

i-mobile Multi-Factor Authentication

The Access Softek Mobile Finance Manager clients use the Multi-Factor Authentication support built into the Access Softek OFX server. This is a standard OFX Multi-Factor Authentication solution using the email channel to send a challenge the first time a device/browser accesses the OFX server using i-mobile.

The i-mobile applications and WAP clients send a unique client ID (called ClientUID) with each request to the OFX server. If the OFX server has not seen this ClientUID before, then the server either sends an email challenge or auto-enrolls the ClientUID (depending on the MFA configuration settings). If an email challenge is sent, it includes a one-time PIN that must be appended to the user's normal password in order to enroll the client successfully. After the client is enrolled, the one-time PIN is no longer used.

The Access Softek OFX server has two main MFA configuration parameters:

MFA ClientUID max limit
    This is the maximum number of OFX clients that can be enrolled by a user. Once the user exceeds this limit, they will receive a message to contact the FI's support. In this event, the FI will need to delete some of the old ClientUIDs for the user or adjust the user's individual MFA ClientUID max limit.

MFA Auto-Enroll limit
    This is the number of clients that can be enrolled without the one-time PIN email challenge being sent. A notification email will still be sent to the customer notifying them that a new client was registered. FIs may choose to allow a certain number of clients to auto-enroll in order to simplify the initial enrollment process. It is possible to have the auto-enroll limit start at a number greater than zero and then reduce it in the future.

Please see MFA_for_OFX_Server.doc for more information about the Access Softek OFX Server Multi-Factor Authentication feature.

i-mobile WAP MFA Enrollment

The i-mobile WAP client generates a ClientUID the first time the user logs in with a new mobile device or browser. The ClientUID is stored in a cookie on the mobile device. If the user clears the browser's cookies, then a new ClientUID will be generated the next time the user logs into the WAP site and they will receive a new MFA challenge.

Below are the steps for the i-mobile WAP MFA enrollment process:

1. Generally, when a user first logs into i-mobile WAP on a new device or browser, they receive the following message. This message is FI configurable via a database table.

   If the FI has configured an MFA Auto-Enroll limit that is greater than zero and the user is below the MFA Auto-Enroll limit, then the user will be enrolled without seeing this message or needing to use a one-time PIN.

2. An email will be sent to the user's email address on record in the host system. The email provides the user with a one-time PIN and instructions on how to use it. The email content can be customized within the M3 admin tool.

   NOTE: This email instructs the user on how to add the PIN number to the end of their personal password and later remove the one-time PIN after connecting for a second time. If the user does not remove the PIN, they will receive an invalid login error on their next attempt to connect.

       Subject: Mobile Finance Manager One Time PIN

       Dear JOE,

       Please try logging in again with Mobile Finance Manager by adding the following one time PIN number to the end of your user password: 2455

       For example: If your password is jumpxyz, you will need to type "jumpxyz2455" in the password field within Mobile Finance Manager.

       This one-time PIN number will be valid until: Thursday, February 04, 2010 4:10:43 PM

       If your one-time PIN number expires please contact customer service at 301-249-1800 to have your PIN expiration extended.

       Once you have registered your Mobile Finance Manager client with your password and one-time PIN please reconnect a second time with your regular password without the one-time PIN.

       You have currently registered 3 client(s). California Ground Squirrel Bank allows you to register up to 99 clients. If you would like to register more clients than allowed, please contact customer service at 301-249-1800 to increase the maximum number of clients.

       Regards,
       California Ground Squirrel Bank

3. After reading the email with the one-time PIN, the user will enter their password plus the one-time PIN in the WAP password field as shown below. The one-time PIN is indicated in red.

4. After the user logs in with their password plus one-time PIN, the OFX server will send the user an email notifying them their client has been successfully registered. The email content can be customized within the M3 admin tool.

       Dear JOE,

       You have successfully registered your Mobile Finance Manager client. If you received a one-time PIN and have not already done so, please reconnect a second time with your regular password without the one-time PIN.

       Please contact customer service at 301-249-1800 if you have any questions.

       Regards,
       California Ground Squirrel Bank

5. Now the user should log out of WAP and log back in without the one-time PIN added to their password.

6. In the future, when the user logs into WAP from the same browser, the OFX server will recognize their ClientUID and not challenge them with a one-time PIN.

i-mobile Application MFA Enrollment

The i-mobile application Multi-Factor Authentication behavior is similar to the i-mobile WAP behavior. The i-mobile application generates a ClientUID the first time the user installs i-mobile on a new device and logs in.

1. Generally, when a user first logs into the i-mobile application on a new device, they will be shown the following message:

   If the FI has configured an MFA Auto-Enroll limit that is greater than zero and the user is below the MFA Auto-Enroll limit, then the user will be enrolled without seeing this message or needing to use a one-time PIN.

2. An email will be sent to the user's email address on record in the host system. The email provides the user a one-time PIN and instructions on how to use it. Refer to WAP enrollment Step 2 for a sample email.

3. After reading the email with the one-time PIN, the user must navigate to the i-mobile Setup screen and enter their password plus the one-time PIN in the password field as shown below. The one-time PIN is indicated in red.

4. After the user logs in with their password plus one-time PIN, the OFX server will send the user an email notifying them their client has been successfully registered. This email content can be customized within the M3 admin tool. Refer to WAP enrollment Step 4 for a sample email.

5. Now the user should navigate to the i-mobile Setup screen and remove the one-time PIN from the password field. If the user continues to use the password plus the one-time PIN, they will receive invalid signon errors.

6. In the future, when the user logs into the i-mobile application the OFX server will recognize their ClientUID and not challenge them.

Error Conditions and Resolutions

No Registered Email Address

If the user does not have an email address on record in the host system and MFA is triggered, the user is shown this error message:

    "Please register an email address through Duke Credit Union's online banking site. Once you have registered an email please retry your request again."

Resolution: The user must register an email address on the host system.

Too Many ClientUIDs

If the user has reached the ClientUID max limit, then they will receive this error message:

    "You have attempted to login through too many devices. If you would like to login through additional devices, please contact Duke Credit Union at (919) 684-6704."

This can happen if the user:

1) switches mobile devices,
2) accesses the WAP site from multiple browsers, or
3) clears their mobile browser's cookies.

Resolution: To resolve this condition, the FI can either delete some of the user's old ClientUIDs or adjust the user's individual MFA ClientUID max limit. Please refer to the MFA Management section of the M3 User Guide for further details on how this is done.

Expired One-Time PIN

The one-time PIN emailed to the user is only valid for a limited amount of time. If the user tries to use it after it has expired, they will receive this message:

    "Your one-time PIN has expired. Please contact Duke Credit Union at (919) 684-6704 to have your one-time PIN extended."

Resolution: The FI administrator can use the OFX M3 admin tool to extend the expiration date for the user's one-time PIN or drop the one-time PIN. We recommend dropping the user's one-time PIN. Selecting the Drop OTP button on the M3 Manage MFA page does this. When that is done, the user will receive the following email:

    Subject: One time PIN Expired

    Dear JOE,

    Your one-time PIN number has been forced to expire by California Ground Squirrel Bank. Please reconnect using your Mobile Finance Manager client and a new one-time PIN will be sent to you.

    Please contact customer service at 301-249-1800 if you have any questions.

    Regards,
    California Ground Squirrel Bank

Dropping the One-Time PIN

If the user has forgotten their one-time PIN or lost the email with their one-time PIN, they will need to call the FI and ask the FI to reset their one-time PIN.

Resolution: The FI administrator can use the OFX M3 admin tool to drop the user's one-time PIN. Selecting the Drop OTP button on the M3 Manage MFA page does this. When the user's one-time PIN is dropped, the user will receive the same email as above.

Outstanding One-time PIN

The system will not allow the user to enroll a second new client if they already have a one-time PIN outstanding. If the user tries to enroll a second new client, they will receive this message:

    "You have an outstanding one-time PIN, please log back in by appending the one-time PIN to your normal password. If you need help, please contact Duke Credit Union at (919) 684-6704."

MFA Enrollment Flowchart
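
The enrollment decisions and error conditions described in this document, written out as a Python sketch. This is an added example, not part of the original guide and not Access Softek's code. The names (User, sign_on, drop_otp), the outcome strings, the order of the checks, the 24-hour PIN validity and the binding of a PIN to the ClientUID that triggered it are all assumptions; the 4-digit PIN length follows the sample email.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class User:  # hypothetical record, not the OFX server's schema
    password: str                  # plaintext only to keep the sketch short
    email: Optional[str]
    enrolled: set = field(default_factory=set)
    max_limit: int = 3             # "MFA ClientUID max limit"
    auto_enroll_limit: int = 0     # "MFA Auto-Enroll limit"
    otp: Optional[tuple] = None    # (pin, client_uid, expires) while outstanding

def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

def sign_on(user, client_uid, submitted, now, ttl=timedelta(hours=24)):
    """Outcome of one sign-on; the check order and ttl are assumptions."""
    if client_uid in user.enrolled:
        # Enrolled clients use the plain password; a leftover PIN is rejected.
        return "OK" if _same(submitted, user.password) else "INVALID_LOGIN"
    if user.otp:
        pin, pending_uid, expires = user.otp
        # Assumption: the PIN is bound to the ClientUID that triggered it.
        if client_uid == pending_uid and _same(submitted, user.password + pin):
            if now > expires:
                return "OTP_EXPIRED"          # stays outstanding until dropped
            user.enrolled.add(client_uid)
            user.otp = None
            return "ENROLLED"
        if _same(submitted, user.password):
            return "OUTSTANDING_OTP"          # no second enrollment meanwhile
        return "INVALID_LOGIN"
    if not _same(submitted, user.password):
        return "INVALID_LOGIN"
    if len(user.enrolled) >= user.max_limit:
        return "TOO_MANY_CLIENTS"
    if len(user.enrolled) < user.auto_enroll_limit:
        user.enrolled.add(client_uid)         # notification email only
        return "AUTO_ENROLLED"
    if not user.email:
        return "NO_EMAIL"
    user.otp = (f"{secrets.randbelow(10_000):04d}", client_uid, now + ttl)
    return "CHALLENGE_SENT"                   # PIN is emailed, never displayed

def drop_otp(user):
    """Admin 'Drop OTP': the next sign-on from a new client issues a new PIN."""
    user.otp = None
```

Each outcome string corresponds to one of the messages or emails shown above; a real server would verify a stored password hash rather than compare plaintext.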