Managing Device Authenticator
You can manage the HID Approve and OTP Token authentication methods in the Devices tab.
Unlocking an OTP Token
When a user enters the PIN incorrectly a specified number of times, then the device will be locked. You can use the UNLOCK button.
To Unlock the OTP Token Device follow the below steps:
-
Go to: User Account page >> Authentication Methods and Activity section >> Devices tab
-
Select the UNLOCK button of the required device.
Note: If there are multiple slots (for e.g. Device Serial Numbers 3456278211-1, 3456278211-2 etc.,) available for an OTP Token and assigned to a user, the unlocking action will be applicable for all the slots. -
Ask the user to provide the generated challenge in the OTP device when you attempt to unlock the device.
-
Enter the Challenge and click Continue.
-
Provide the computed Response to the user and instruct the user to enter it into the OTP device. Then user can create a new PIN.
Unassigning an OTP Token
In order to stop a user from authenticating through the OTP Token, you can use the UNASSIGN button. Follow the below steps to unassign a device:
-
Go to: User Account page >> Authentication Methods and Activity section >> Devices tab
-
Select the UNASSIGN button of the required device Authenticator.
Note: If there are multiple slots (for e.g. Device Serial Numbers 3456278211-1, 3456278211-2 etc.,) available for an OTP Token and assigned to a user, the unassigning action will be applicable for all the slots. -
An Unassign Device dialog box appears, click OK to unassign the device authenticator from user.
Once an OTP Token is unassigned from the user, the user will not be able to use the OTP Token for authentication. The OTP Token can be re-assigned to the same user or any other user.
Resynchronizing an OTP Token
If the OTP Token counter loses synchronization with the Authentication Service, authentication will fail. In order to resolve this you can resynchronize the counter value; to do that follow the below steps:
-
Go to: User Account page >> Authentication Methods and Activity section >> Devices tab
-
Select the RESYNC button of the required OTP Token. Resynchronize Device dialog opens.
Note: If there are multiple slots (for e.g. Device Serial Numbers 0965516067-1,0965516067-2 etc.,) available for an OTP Token and assigned to a user, you must select any one slot to enable RESYNC button. -
A Resynchronize Device dialog box appears, enter the OTP generated from the OTP Token and click CONFIRM. This will attempt to resynchronize the OTP Token counter(s) and the user should be able to authenticate using their OTP Token.
Deleting a Device Authenticator
You can delete a device authentication method for a User by following the below steps:
-
Go to: User Account page >> Authentication Methods and Activity section >> Devices tab
-
Select the Delete button of the required authentication method.
Note: If there are multiple slots (for e.g. Device Serial Numbers 3456278211-1, 3456278211-2 etc.,) available for an OTP Token and assigned to a user, the deleting action will be applicable for all the slots. -
A Delete Device dialog box appears, click OK to delete the device authenticator.
If you delete an OTP Token, the corresponding device will be removed from the inventory. To activate the deleted OTP Token device, it must be imported again, although the imported OTP Token may not be synchronized with the physical OTP Token. Visit Importing Devices for more information.