Manage Session Transfer Codes
The period for which a user is authenticated to ActivID AS is called a session. An indirect user indirect users are end users, such as an organization's customers. Indirect users do not make direct use of ActivID AS services. They are authenticated to or managed by applications which themselves authenticate as direct users in order to obtain certain permissions. For example, a call center agent (direct user) can verify a customer’s identity (authenticate) via the ActivID Management Console.’s session can be transferred between direct users Direct users are people or entities that connect directly to ActivID AS through APIs or through the ActivID Management Console. For example, operators and administrators who log on to the ActivID Management Console are direct users. Also, an internet banking server is a direct user when it uses an ActivID AS authentication service exposed through the public API to authenticate a customer.. This enables direct users (operators) to perform different transactions on behalf of the indirect user’s request(s).
Search users
Read user details
Read reference data
The following table describes the required permissions to perform specific operations for a user, with or without a session transfer code.
Operator Privilege Required | Action (Button/Link) | |
---|---|---|
Indirect User Present (using session transfer code) | Indirect User Not Present | |
Administer devices user present |
Administer all devices |
|
Change indirect SQ responses user present |
Change SQ responses user not present |
|
Change indirect password user present |
Change password user not present |
|
Reset indirect password user present |
Reset password user not present |
Note: This option is not available in this version.
|
For illustration purposes, two operators (Op01 and Op02) are used as sample operators.
Generate and Transfer an Indirect User Session
-
(As Op01) In the user’s Identity tab, click Generate a Session Transfer Code.
-
Select an Authentication Policy from the drop-down list.
-
Select a Session Transfer Policy from the drop-down list.
The default session transfer policies are:
Policy name Format Expiry period Length NUM001 Numeric 10 minutes 8 digits NUM002 Numeric 3 minutes 20 digits ALP001 Alphabetic 10 minutes 8 digits ALP002 Alphabetic 3 minutes 20 digits ANU001 Alphanumeric 10 minutes 8 digits ANU002 Alphanumeric 3 minutes 20 digits -
Click Next.
-
Select the Channel on which the user’s identity is being verified.
-
Depending on the authentication policy, provide answers to the Security Questions if the authentication policy is a Q&A authentication policy, or provide a password if it is a static password authentication policy.
-
Click Generate.
-
Make a note of the code and click Close.
-
Forward the call to Op02, and provide the generated session transfer code.
If the user tries to generate a session transfer code from an activation code instead of the OTP, then the following error message appears.
If authentication is successful, a generated Session Transfer Code is displayed.
If the authentication fails, then an error message appears.
Retrieve the Indirect User Session using the Code
-
As Op02, go the Advanced User Search page.
-
Enter the Session Transfer Code provided by Op01, and then click Transfer.
The User Details page appears. As Op02, you can now perform requests for the indirect user such as changing the user password, or editing the user’s security questions and responses.