Configuring the Solution
To configure the solution, perform the following procedures/steps as required by your deployment:
| Step | Description | Purpose | 
|---|---|---|
|  | Configure the Push Delivery Gateways (Apple, Google and Windows) | To specify the Azure hub information that allows notifications to be sent to Google Android, Apple, or Microsoft Windows 10/11 devices. | 
|  |  | To allow this system user to communicate with the ActivID AS server by creating the logon and assigning the push-based validation permissions. |
|  | Optional – You can use pre-configured channels. | To customize the communication channels for the mobile push-based validation process. | 
|  |  | To add the Push Delivery Gateways through which the notifications will be sent during the push-based validation process. |
|  |  | To specify the URL and TLS certificate of your ActivID AS server, allowing the mobile device to communicate with the server. To specify the crypto mode in which to operate (OPMODE parameter). |
|  | Optional – You can use pre-configured credential types. | To customize key characteristics for each key provisioned on the mobile during Service registration. | 
|  |  | To configure the Secure Codes generated by HID Approve. |
|  |  | To enable notifications of registration and/or operation validation processes to external Web Portal Banking Applications. |

- Only mandatory steps are detailed.
- For advanced configurations, see Advanced Configuration for Push Authentication.
- For reference, an illustration of a quick deployment is provided in Quick A-Z Deployment Overview. 
The following table details the ActivID AS push-based validation parameters and their default values.
| Parameter | Description | Values | 
|---|---|---|
| Push-based Validation Direct User | System user for Push-based Validation process | spl-api | 
| Mobile Service Registration | | |
| Mobile Registration URL | URL to connect to ActivID AS when using the manual service registration method. | <hostname>:<https port number>/ | 
| Mobile Registration Channel | Channel used during the Service registration process on the mobile device. | CH_TDSPROV | 
| Mobile Registration Authentication | Authentication policy used during the Service registration process by the System Direct user (transparently) and by the end user. | AT_TDSOOB | 
| Mobile Registration Virtual Device | Virtual device type used during the Service registration process. It contains the Mobile Registration credential. | DT_TDSOOB | 
| Mobile Registration Credential | Credential type used to authenticate end user to initiate the Service registration. | CT_TDSOOB | 
| Push-based Validation (for Logon or other Action) | | |
| Push-based validation URL | URL used by the application to connect to ActivID AS to retrieve notifications. | <hostname>:<https port number>/ | 
| Mobile push-based Logon validation Authentication | Authentication policy used during the Logon validation process by the end user. | AT_PASA | 
| Mobile push-based Logon validation Channel | Channel used during the Logon validation process. | CH_PASA | 
| Mobile Logon validation Credential | Credential used during the Logon validation process. | CT_PASAV4 | 
| Mobile push-based Action validation Authentication | Authentication policy used during Action validation by the end user. | AT_TDS | 
| Mobile push-based Action validation Channel | Channel used during the Action validation process. | CH_TDS | 
| Mobile Action Validation Credential | Credential used during Action validation. | CT_TDSV4 | 
| Mobile application update Authentication | Authentication policy for Mobile Application information update on server. | AT_SMK | 
| Mobile application update Channel | Channel for Mobile Application information update on the server. | CH_SMK | 
| Transport Key for Mobile Service communications Credential | Credential for Mobile Application information update on the server. | CT_SMKV4 | 
| Mobile push based validation Device | Device type for Mobile push-based validation Application. | DT_TDSV4 | 
| Secure Code generation on mobile | | |
| Customer One Time Password Authentication | One-time password logon for user authentication using the Secure code generated on the mobile. | AT_CUSTOTP | 
| Mobile OATH Event Credential | OATH Event-based credential used to generate Secure Code. | CT_TDSOE | 
| Mobile OATH Time based Credential | OATH Time-based credential used to generate Secure Code. | CT_TDSOT | 
| Mobile OATH OCRA Event based Credential C/R | OATH OCRA Event-based credential used to generate response from a Challenge. | CT_TDSOAECR | 
| Mobile OATH OCRA Time based Credential C/R | OATH OCRA Time-based credential used to generate response from a Challenge. | CT_TDSOATCR | 
| Mobile OATH OCRA Event based Credential SIGN | OATH OCRA Event-based credential used to generate response from a Signature. | CT_TDSOAESIGN | 
| Mobile OATH OCRA Time based Credential SIGN | OATH OCRA Time-based credential used to generate response from a Signature. | CT_TDSOATSIGN | 