Adding an Authenticator in Administration Portal
Add an Authentication Method
The Administration Portal allows an administrator to invite a user to set up HID Approve for multi-factor authentication.
To invite a user to set up HID Approve, follow the procedure below:
- Open the User Account page, and click the ADD AUTHENTICATION button.
- You will be prompted to select one of the following authentication methods:
  - HID Approve - The administrator can invite a user to set up HID Approve for multi-factor authentication.
  - Password - The administrator can invite a user to set up a Password for authentication.
  - OTP Token - The administrator can assign a one-time password hardware device to a user for authentication.
- If you select the Password option, the user will receive an email with a temporary password and a link to set up a new Password. Visit Step 3 in First Time Login.
- If you select the HID Approve option, the user will receive an email with a link to set up HID Approve. Visit Step 4 in First Time Login.
- If you select the OTP Token option, you will be prompted to enter a valid serial number of the hardware device you are assigning. The same device cannot be assigned to other users.
Managing Passwords
You can manage the password authentication in the Password tab.
Unlocking Passwords
After setting up a new password, the status of the Authenticator will change to Working in the User Account page. When a user enters the wrong password multiple times and reaches the failure threshold, the respective user account status will change to Locked and the RESET FAILURE button will become enabled.
To unlock the static password, follow the steps below:
- Go to: User Account page >> Authentication Methods and Activity section >> Password tab
- Select the RESET FAILURE button. The status will be changed to Active.
If the user remembers the current password, you can unlock the password authenticator using the RESET FAILURE button, which allows the user to log in using their current password.
If the user forgets the current password, you can delete the password authenticator (Deleting a Password) and add a new password authenticator, which will allow the user to set up a new password. The user can also reset a forgotten password in the Authentication Service login screen.
Deleting a Password
You can delete a password for any User Account.
To delete a password, follow the steps below:
- Go to: User Account page >> Authentication Methods and Activity section >> Password tab
- Select the Delete button. The user's Password will be removed.
Managing Devices
You can manage the HID Approve and OTP Token authentication methods in the Devices tab.
Unlocking an OTP Token
After setting up an OTP Token, the status of the authentication method will change to Active in the User Account page. When a user enters a wrong OTP multiple times and reaches the failure threshold, the RESET FAILURE button will become enabled.
To unlock the OTP Token device, follow the steps below:
- Go to: User Account page >> Authentication Methods and Activity section >> Devices tab
- Select the RESET FAILURE button of the required device. The number of Authentication Failures will be reset to 0.
If you reset the failure count, the user can authenticate using the OTP Token. However, authentications may still fail if the user's OTP Token has lost synchronization with the Authentication Service.
Unassigning an OTP Token
To stop a user from authenticating through the OTP Token, you can use the UNASSIGN button. Follow the steps below to unassign a device:
- Go to: User Account page >> Authentication Methods and Activity section >> Devices tab
- Select the UNASSIGN button of the required device Authenticator.
Once an OTP Token is unassigned from the user, the user will not be able to use the OTP Token for authentication. The OTP Token can be re-assigned to the same user or any other user.
Resynchronizing an OTP Token
If the OTP Token counter loses synchronization with the Authentication Service, authentication will fail. To resolve this, resynchronize the counter value by following the steps below:
- Go to: User Account page >> Authentication Methods and Activity section >> Devices tab
- Select the RESYNC button of the required OTP Token. The Resynchronize Device dialog opens.
- Enter the OTP generated from the OTP Token and click CONFIRM. This will attempt to resynchronize the OTP Token counter(s) and the user should be able to authenticate using their OTP Token.
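Added example, not HID's code: a small server-side model of a counter-based OTP token, assuming the token follows OATH HOTP (RFC 4226), which this page does not state. It shows why RESET FAILURE alone does not help a desynchronized token while RESYNC does; `TokenRecord`, the threshold and the window sizes are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for a single counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TokenRecord:  # hypothetical server-side state for one assigned token
    def __init__(self, secret, threshold=3, auth_window=2, resync_window=10):
        self.secret, self.counter, self.failures = secret, 0, 0
        self.threshold = threshold
        self.auth_window, self.resync_window = auth_window, resync_window

    def _find(self, otp, window):
        # Look ahead from the next expected counter; never accept older values.
        for c in range(self.counter, self.counter + window):
            if hmac.compare_digest(hotp(self.secret, c), otp):
                return c
        return None

    def authenticate(self, otp):
        if self.failures >= self.threshold:
            return False  # locked until an administrator resets the failures
        hit = self._find(otp, self.auth_window)
        if hit is None:
            self.failures += 1
            return False
        self.counter, self.failures = hit + 1, 0
        return True

    def reset_failure(self):
        self.failures = 0  # clears the lock only; the counter is unchanged

    def resync(self, otp):
        # Wider search than login, so it is kept as an administrator action.
        hit = self._find(otp, self.resync_window)
        if hit is not None:
            self.counter = hit + 1
        return hit is not None

def desync_walkthrough():
    secret = b"12345678901234567890"  # RFC 4226 test secret (constructed input)
    srv = TokenRecord(secret)
    otps = (hotp(secret, c) for c in range(4, 100))  # token is 4 presses ahead
    out = [srv.authenticate(next(otps)) for _ in range(4)]  # 3 fails, then locked
    srv.reset_failure()
    # Login still fails (counter outside window); resync finds it; next OTP works.
    return out + [srv.authenticate(next(otps)), srv.resync(next(otps)),
                  srv.authenticate(next(otps))]
```

`desync_walkthrough()` returns five `False` results followed by two `True` results: the failed logins and the lock, the failed login after the failure reset, then the successful resync and the login that follows it.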
Deleting a Device Authenticator
You can delete a device authentication method for a User by following the steps below:
- Go to: User Account page >> Authentication Methods and Activity section >> Devices tab
- Select the Delete button of the required authentication method. Click OK to confirm.
If you delete an OTP Token, the corresponding device will be removed from the inventory. To activate the deleted OTP Token device, it must be imported again, although the imported OTP Token may not be synchronized with the physical OTP Token. Visit Importing Devices for more information.
Managing Activity Summary
You can see the activity summary for the user's authentication methods:
Go to: User Account page >> Authentication Methods and Activity section >> Activity Summary tab.