Configuring the Solution

To configure the solution, perform the following procedures/steps as required by your deployment:

Step Description Purpose
  1.  

Configure the Push Delivery Gateways (Apple, Google and Windows)

To specify the Azure hub information that allows notifications to be sent to Google Android, Apple, or Microsoft Windows 10/11 devices.

  1.  

Configure the Push-based Validation Direct user

To allow this system user to communicate with the ActivID AS server by creating the logon and assigning the push-based validation permissions.

  1.  

Configure the Push Channels

Optional – You can use pre-configured channels.

To customize the communication channels for the mobile push-based validation process.

  1.  

Configure the Authentication Policies

To add the Push Delivery Gateways through which the notifications will be sent during the push-based validation process.

  1.  

Configure Device Types

To specify the URL and TLS certificate of your ActivID AS server, allowing the mobile device to communicate with the server.

To specify the crypto mode to operate (OPMODE parameter).

  1.  

Configure Credential Types

Optional – You can use pre-configured credential types.

To customize key characteristics for each key provisioned on the mobile during Service registration.

  1.  

Configure a Secure Code

To configure the Secure Codes generated by HID Approve.

  1.  

Configure the feedback method

To enable notifications of registration and/or operation validation processes to external Web Portal Banking Applications.

Note:  

The following table details the ActivID AS push-based validation parameters and their default values.

Parameter Description Values

Push-based Validation Direct User

System user for Push-based Validation process

spl-api

Mobile Service Registration

Mobile Registration URL

URL to connect to ActivID AS when using the manual service registration method.

<hostname>:<https port number>/

Mobile Registration Channel

Channel used during the Service registration process on the mobile device.

CH_TDSPROV

Mobile Registration Authentication

Authentication policy used during the Service registration process by the System Direct user (transparently) and by the end user.

AT_TDSOOB

Mobile Registration Virtual Device

Virtual device type used during the Service registration process. It contains the Mobile Registration credential.

DT_TDSOOB

Mobile Registration Credential

Credential type used to authenticate end user to initiate the Service registration.

CT_TDSOOB

Push-based Validation (for Logon or other Action)

Push-based validation URL

URL used by the application to connect to ActivID AS to retrieve notifications.

<hostname>:<https port number>/

Mobile push-based Logon validation Authentication

Authentication policy used during the Logon validation process by the end user.

AT_PASA

Mobile push-based Logon validation Channel

Channel used during the Logon validation process.

CH_PASA

Mobile Logon validation Credential

Credential used during the Logon validation process.

CT_PASAV4

Mobile push-based Action validation Authentication

Authentication policy used during Action validation by the end user.

AT_TDS

Mobile push-based Action validation Channel

Channel used during the Action validation process.

CH_TDS

Mobile Action Validation Credential

Credential used during Action validation.

CT_TDSV4

Mobile application update Authentication

Authentication policy for Mobile Application information update on server.

AT_SMK

Mobile application update Channel

Channel for Mobile Application information update on the server.

CH_SMK

Transport Key for Mobile Service communications Credential

Credential for Mobile Application information update on the server.

CT_SMKV4

Mobile push based validation Device

Device type for Mobile push-based validation Application.

DT_TDSV4

Secure Code generation on mobile

Customer One Time Password Authentication

One-time password logon for user authentication using the Secure code generated on the mobile.

AT_CUSTOTP

Mobile OATH Event Credential

OATH Event-based credential used to generate Secure Code.

CT_TDSOE

Mobile OATH Time based Credential

OATH Time-based credential used to generate Secure Code.

CT_TDSOT

Mobile OATH OCRA Event based Credential C/R

OATH OCRA Event-based credential used to generate response from a Challenge.

CT_TDSOAECR

Mobile OATH OCRA Time based Credential C/R

OATH OCRA Time-based credential used to generate response from a Challenge.

CT_TDSOATCR

Mobile OATH OCRA Event based Credential SIGN

OATH OCRA Event-based credential used to generate response from a Signature.

CT_TDSOAESIGN

Mobile OATH OCRA Time based Credential SIGN

OATH OCRA Time-based credential used to generate response from a Signature.

CT_TDSOATSIGN

Topics in this section