Flexible Identity. OTP hardware tokens guide. Authentication. version 1.0.0


Publication history

Date: 2015.10.01
Description: initial release
Revision: 1.0.0

Copyright Orange Business Services

Welcome

Your company has chosen the Orange Business Services Flexible Identity Authentication service to help you protect your on-line identity and the networks, applications and data you use from unauthorized access.

The information in this guide applies to the following OTP hardware tokens:
- eToken PASS
- KT

The information in this guide is intended for:
- end-users: people in your company who will use the Flexible Identity Authentication service.
- operators: people in your company who will manage your Flexible Identity Authentication end-users.
- administrators: people in your company who will manage the Flexible Identity Authentication service.

If you are already comfortable with Flexible Identity Authentication terminology and OTP hardware tokens, you can go directly to the instructions for your token: eToken PASS (section 2) or KT (section 4).

Contents

1 Overview
  1.1 What is an OTP hardware token?
  1.2 Why use an OTP token?
  1.3 How does an OTP token protect me?
  1.4 What additional security features does my OTP token offer?
  1.5 What is the difference between a token code and an OTP?
  1.6 What are the characteristics of my OTP token?
    1.6.1 Operation modes
    1.6.2 Synchronization methods
  1.7 What is self-enrollment?
    1.7.1 How do I self-enroll my OTP token?
    1.7.2 How long will my OTP token continue to operate?
    1.7.3 What if I have not received the self-enrollment email notification?
  1.8 What is the self-service portal?
  1.9 Why can't I log on using my OTP token?
    1.9.1 I entered an incorrect OTP
    1.9.2 My user account is locked
    1.9.3 My OTP token is out of synchronization
    1.9.4 My OTP token has been suspended or revoked
  1.10 What are my responsibilities?
    1.10.1 Where should I store my OTP token?
    1.10.2 What if I forget my OTP token?
    1.10.3 What if I lose my OTP token?
    1.10.4 How should I protect my PIN?
    1.10.5 How can I change my PIN?
    1.10.6 What if I forget my PIN?
2 eToken PASS
  2.1 Introduction
  2.2 Specifications
  2.3 Enrolling an eToken PASS token
  2.4 Authenticating with an eToken PASS token
3 Self-service portal for eToken PASS
  3.1 Accessing the self-service portal Web site
  3.2 Resetting an eToken PASS token PIN
  3.3 Sending temporary sign-in password by e-mail/SMS
4 KT
  4.1 Introduction
  4.2 Specifications
  4.3 Enrolling a KT token
  4.4 Authenticating with a KT token
5 Self-service portal for KT
  5.1 Accessing the self-service portal Web site
  5.2 Resynchronizing a KT token
  5.3 Resetting a KT token PIN
  5.4 Sending temporary sign-in password by e-mail/SMS

1 Overview

1.1 What is an OTP hardware token?

An OTP hardware token:
- is a physical device that generates OTPs.
- is small and easy to carry.
- is portable and independent of computing platform and application.

1.2 Why use an OTP token?

Until now, you have probably logged into your organization's resources with your user name and a fixed password. The problem is that passwords are easily compromised, putting your identity and the resources you access at risk.

An OTP token allows you to generate and use One-Time Passwords (aka OTPs) each time you log into your organization's resources. As the name implies, an OTP can be used only one time. Each time you log in, you use your OTP token to generate a unique OTP.

1.3 How does an OTP token protect me?

Password theft is a common method that thieves and hackers use to steal identities and gain unauthorized access to networks and resources. Success depends on the stolen password being valid, in the same way that credit card theft relies on the card being usable until it is reported as stolen. Discovering the compromise is almost impossible until damage has been done.

Using an OTP token solves this problem, because once you have logged in using an OTP, that password is no longer valid. Any attempt to log in by reusing the OTP will fail, and it will alert your network security professionals to a possible attack on your identity.

1.4 What additional security features does my OTP token offer?

Depending on your organization's policies, your OTP token may be protected against unauthorized use by a Security PIN (aka PIN) that is known only to you. As with a bank card, a thief not only needs access to your OTP token, but must know your PIN as well. Do not share your PIN with others.

Flexible Identity Authentication OTP hardware tokens support server-side PIN (stored on the Flexible Identity Authentication server).

1.5 What is the difference between a token code and an OTP?

The OTP value depends on the PIN protection of your OTP token:
- no PIN-protection: the token code forms the OTP.
- server-side PIN-protection: depending on your organization's policies, you need to enter your PIN either before or after the token code to form the OTP.

1.6 What are the characteristics of my OTP token?

The characteristics of your OTP token are defined by your organization and applied when your OTP token is initialized.

1.6.1 Operation modes

Flexible Identity Authentication OTP hardware tokens support the QUICKLog synchronous operation mode, which greatly simplifies your logon experience and strengthens security (compared to challenge-response asynchronous mode).

1.6.2 Synchronization methods

Flexible Identity Authentication OTP hardware tokens support event-based synchronization: the token code is generated each time you press the button on your token. For each logon, the server compares the token code you submitted with the expected token code.

Occasionally you may generate a token code without using it, causing the token code to be ahead of, or out of synchronization with, the server during the next logon. There is a secure mechanism through which the server and your OTP token can automatically resynchronize during logon.

Two OTP window types are managed by the server (window sizes depend on your organization's policies):
- inner OTP window: a token code found inside this window is accepted, and the server is updated to adjust for your OTP token drift.
- outer OTP window: handles situations where the token code is not found in the inner OTP window. If a token code is found in this window, you are prompted to provide the next token code in sequence to successfully authenticate.

If the token code is not found in the outer OTP window:
- the OTP is considered invalid.
- you have to resynchronize your token.

1.7 What is self-enrollment?

Self-enrollment is a simple process during which you activate your OTP token. During the process, you may be required to enter or create a PIN. When you complete the self-enrollment process, you will be able to use your OTP token to generate token codes for login.
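The inner and outer OTP window check from section 1.6.2, sketched as an added example (not code from Orange or the token vendor). It assumes HOTP (RFC 4226) as the token-code algorithm; the class name, window sizes and result strings are hypothetical, and the shared secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct


def token_code(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based token code. HOTP (RFC 4226) is an assumed stand-in here."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _same(a: str, b: str) -> bool:
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    return hmac.compare_digest(a.encode(), b.encode())


class TokenRecord:
    """Server-side state for one enrolled token (hypothetical structure)."""

    def __init__(self, secret: bytes, inner: int = 3, outer: int = 8):
        self.secret = secret
        self.counter = 0      # next button-press count the server expects
        self.inner = inner    # assumed policy value
        self.outer = outer    # assumed policy value, counted from self.counter
        self.pending = None   # counter matched in the outer window, if any

    def _accept(self, matched: int) -> str:
        self.counter = matched + 1   # adjust for drift; older codes are now dead
        self.pending = None
        return "accepted"

    def verify(self, code: str) -> str:
        if self.pending is not None:
            # Outer-window match earlier: only the next code in sequence will do.
            nxt, self.pending = self.pending + 1, None
            if _same(code, token_code(self.secret, nxt)):
                return self._accept(nxt)
            return "invalid"
        for c in range(self.counter, self.counter + self.outer):
            if _same(code, token_code(self.secret, c)):
                if c < self.counter + self.inner:
                    return self._accept(c)
                self.pending = c
                return "next_code_required"
        return "invalid"  # outside both windows: token must be resynchronized


def demo() -> list:
    secret = b"12345678901234567890"  # RFC 4226 test key, not a real token seed
    rec = TokenRecord(secret)
    press = [token_code(secret, n) for n in range(10)]  # simulated button presses
    return [
        rec.verify(press[0]),  # in step with the server
        rec.verify(press[0]),  # replay of a used code
        rec.verify(press[3]),  # two unused presses: still inside inner window
        rec.verify(press[8]),  # far ahead: only in the outer window
        rec.verify(press[9]),  # next code in sequence completes the logon
    ]


if __name__ == "__main__":
    print(demo())
```

Because the server counter only moves forward, a code that has been accepted (or skipped over) can never match again, which is what makes a replayed OTP fail.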

1.7.1 How do I self-enroll my OTP token?

The self-enrollment process begins when you receive your self-enrollment email notification. The email contains instructions and your enrollment URL.

1.7.2 How long will my OTP token continue to operate?

A Flexible Identity Authentication OTP hardware token will be able to generate OTPs until it is revoked by your IT administrator or until the battery is exhausted.

1.7.3 What if I have not received the self-enrollment email notification?

If you have not received a self-enrollment email notification, please contact your IT administrator to arrange for a new email to be sent to you.

1.8 What is the self-service portal?

The self-service portal is a Web site created to empower you to perform simple authentication management functions (the range of available functions depends on your organization's policies) and, in the process, reduce the workload of, and your reliance on, the help desk. The self-enrollment email notification contains the URL to access your self-service portal.

1.9 Why can't I log on using my OTP token?

There may be several causes of a failed login.

1.9.1 I entered an incorrect OTP

This is the most common cause. To avoid this, ensure that:
- Caps Lock mode is disabled on your keyboard.
- you enter the right characters and keystrokes.
- your OTP is correctly formed (in accordance with the PIN protection type of your OTP token).

1.9.2 My user account is locked

You exceeded the maximum number of consecutive failed logon attempts. You must wait the amount of time defined by your organization before your user account will unlock.

1.9.3 My OTP token is out of synchronization

There is no simple way on your side to check if your OTP token is out of synchronization. If in doubt, you can resynchronize it from your Self-service portal (if the function is available) before contacting your IT administrator.

1.9.4 My OTP token has been suspended or revoked

Please contact your IT administrator.

1.10 What are my responsibilities?

Using your OTP token provides strong security, and simplifies your work efforts by reducing or eliminating the need to remember or periodically change passwords. As an additional measure, Orange recommends that you observe the following tips to ensure the highest level of security.

1.10.1 Where should I store my OTP token?

You should keep your token separate from your computer. Do not leave it on your desk, or with your computer bag. Treat it as you would your wallet, purse, or credit cards, and keep it with you at all times.

1.10.2 What if I forget my OTP token?

Your OTP token is a primary security device designed to protect you and the resources you access. Keep it with your car keys or purse or other valuable items that you use on a regular basis to minimize the potential to forget it. If you do forget your OTP token, contact your IT administrator.

1.10.3 What if I lose my OTP token?

If you lose your token, report it immediately to your IT administrator: he will take the necessary actions to ensure the lost token does not present a security risk. Depending on your organization's policies, he will provide you with a temporary alternative for logging into the network until you receive a replacement token.

1.10.4 How should I protect my PIN?

If you have a PIN, protect it just as you would the PIN for your bank or credit card. Never share it with anybody, including people you trust. This includes your colleagues and systems administrators at your company and personnel who are, or claim to be, representatives of Orange or a Partner of Orange. You should be extremely suspicious of anyone who ever tells you that they need to know your PIN, and you should report any such incident to your IT administrator immediately. Never write down your PIN.

1.10.5 How can I change my PIN?

If you wish to change your PIN, or if you are concerned that it has been compromised, use the Reset PIN function of your Self-service portal, or contact your IT administrator if this function was not enabled by your organization's policies.

1.10.6 What if I forget my PIN?

If you forget your PIN, use the "Send sign-in password by e-mail/SMS" function of your Self-service portal, or contact your IT administrator if this function was not enabled by your organization's policies.

2 eToken PASS

2.1 Introduction

An eToken PASS token generates a new, pseudo-random token code each time you firmly push and then quickly release its button (located to the right of and below the LCD display on the face).

2.2 Specifications

- Token lifetime: linked to battery lifetime (7 years with up to 10 OTPs/day).
- OTP security algorithm: SHA-1.
- Token code: string of 6 decimal characters.

2.3 Enrolling an eToken PASS token

Step 1: you have received or will receive a Self-enrollment email notification. Open it, click the self-enrollment Web site link (beginning with https://se.safenet-inc.com/...), and then switch to your Web browser to start the self-enrollment process.

Step 2: enter the serial number (displayed on the back of your eToken PASS token), and then click the Next button.

Step 3: firmly push and then quickly release the button of your eToken PASS token to generate a new token code, enter it in the OTP field (depending on your organization's policies, you may need to memorize and enter the displayed PIN either before or after the token code), and then click the Next button.

If your eToken PASS token is PIN-protected, and depending on your organization's policies, you may be required to change the PIN on first use: enter your new PIN (you are required to re-enter it for verification purposes), and then click the Next button.

If successful, the following page is displayed (screenshot not included).

Step 4: memorize your User ID before closing your Web browser. Your eToken PASS token is now active and able to generate OTPs.

2.4 Authenticating with an eToken PASS token

You can authenticate with your eToken PASS token against any system that requires a logon password (such as your Self-service portal described below).

Step 1: open the Self-enrollment email notification you previously received, and then click the Self-service portal Web site link (beginning with https://ss.safenet-inc.com/...). From the Self-service portal homepage, click the Sign In button, and then the "Sign in using your token" button.

Step 2: enter your User ID in the User ID field, firmly push and then quickly release the button of your eToken PASS token to generate a new token code, enter it in the OTP field (depending on your organization's policies, you may need to enter your PIN either before or after the token code), and then click the OK button.

Step 3: if successful, the homepage of your Self-service portal is displayed again, but the Sign In button has been replaced by the Sign Out button.

3 Self-service portal for eToken PASS

3.1 Accessing the self-service portal Web site

Open the Self-enrollment email notification you previously received, and then click the Self-service portal Web site link (beginning with https://ss.safenet-inc.com/...).

3.2 Resetting an eToken PASS token PIN

Step 1: from the Self-service portal homepage, click the Reset PIN icon, then the "Sign in using your token" button, and then authenticate against your Self-service portal. If successful, the Create New PIN page is displayed.

Step 2: enter your new PIN (you are required to re-enter it for verification purposes), and then click the OK button.

Step 3: if successful, the "Your Security PIN has been successfully reset." message is displayed. Click the Sign Out button before closing your browser.

3.3 Sending temporary sign-in password by e-mail/SMS

This temporary sign-in password is only for authentication against the Self-service portal (useful to reset a forgotten PIN) and is valid for 10 minutes.

Step 1: from the Self-service portal homepage, click the Sign In button, then "Send Sign in password by e-mail" (or "Send Sign in password by SMS"), enter your User ID, and then click the Send button.

Step 2: you have received or will receive a Self-service Temporary Sign In Password email notification (or SMS) including your temporary sign-in password.

Step 3: from the Self-service portal homepage, click the Sign In button, then the "Sign in using your token" button, and then authenticate using your temporary sign-in password as the OTP.

4 KT

4.1 Introduction

A KT token generates a new, pseudo-random token code each time you firmly push and then quickly release its button (located to the right of and below the LCD display on the face).

4.2 Specifications

- Token lifetime: unlimited (replaceable batteries).
- OTP security algorithm: AES 256.
- Token code: string of 8 decimal characters.

4.3 Enrolling a KT token

Step 1: you have received or will receive a Self-enrollment email notification. Open it, click the self-enrollment Web site link (beginning with https://se.safenet-inc.com/...), and then switch to your Web browser to start the self-enrollment process.

Step 2: enter the serial number (displayed on the back of your KT token), and then click the Next button.

Step 3: firmly push and then quickly release the button of your KT token to generate a new token code, enter it in the OTP field (depending on your organization's policies, you may need to memorize and enter the displayed PIN either before or after the token code), and then click the Next button.

If your KT token is PIN-protected, and depending on your organization's policies, you may be required to change the PIN on first use: enter your new PIN (you are required to re-enter it for verification purposes), and then click the Next button.

If successful, the following page is displayed (screenshot not included).

Step 4: memorize your User ID before closing your Web browser. Your KT token is now active and able to generate OTPs.

4.4 Authenticating with a KT token

You can authenticate with your KT token against any system that requires a logon password (such as your Self-service portal described below).

Step 1: open the Self-enrollment email notification you previously received, and then click the Self-service portal Web site link (beginning with https://ss.safenet-inc.com/...). From the Self-service portal homepage, click the Sign In button, and then the "Sign in using your token" button.

Step 2: enter your User ID in the User ID field, firmly push and then quickly release the button of your KT token to generate a new token code, enter it in the OTP field (depending on your organization's policies, you may need to enter your PIN either before or after the token code), and then click the OK button.

Step 3: if successful, the homepage of your Self-service portal is displayed again, but the Sign In button has been replaced by the Sign Out button.

5 Self-service portal for KT

5.1 Accessing the self-service portal Web site

Open the Self-enrollment email notification you previously received, and then click the Self-service portal Web site link (beginning with https://ss.safenet-inc.com/...).

5.2 Resynchronizing a KT token

Step 1: from the Self-service portal homepage, click the Resync Token icon, enter your User ID in the User ID field, click the Next button, enter the serial number (displayed on the back of your KT token) in the Serial field, and then click the Next button. A response to the displayed challenge is requested.

Step 2: firmly push and then quickly release the button to power on your KT token, press and hold the button (approximately 3-4 seconds) until the Init prompt appears, and then release the button. Your KT token will cycle through a series of prompts: press the button while the resync prompt is displayed. The digits will be displayed sequentially. For every digit of the resynchronization challenge, press the button to accept the displayed digit. After the last digit of the challenge is displayed, double-press the button to display your response code.

Step 3: from the Self-service portal, enter your response code in the Response field and then click the OK button.

Step 4: if successful, the "Token successfully synchronized." message is displayed. You can close your Web browser.

5.3 Resetting a KT token PIN

Step 1: from the Self-service portal homepage, click the Reset PIN icon, then the "Sign in using your token" button, and then authenticate against your Self-service portal. If successful, the Create New PIN page is displayed.

Step 2: enter your new PIN (you are required to re-enter it for verification purposes), and then click the OK button.

Step 3: if successful, the "Your Security PIN has been successfully reset." message is displayed. Click the Sign Out button before closing your browser.

5.4 Sending temporary sign-in password by e-mail/SMS

This temporary sign-in password is only for authentication against the Self-service portal (useful to reset a forgotten PIN) and is valid for 10 minutes.

Step 1: from the Self-service portal homepage, click the Sign In button, then "Send Sign in password by e-mail" (or "Send Sign in password by SMS"), enter your User ID, and then click the Send button.

Step 2: you have received or will receive a Self-service Temporary Sign In Password email notification (or SMS) including your temporary sign-in password.

Step 3: from the Self-service portal homepage, click the Sign In button, then the "Sign in using your token" button, and then authenticate using your temporary sign-in password as the OTP.