Mobile Provision Code

From Swivel Knowledgebase Wiki

Jump to: navigation, search


Image:logo.gif


Contents

Mobile Provision Code Overview

From PINsafe 3.8 onwards the PINsafe Mobile client must be provisioned to allow the Mobile client to download security strings for a user. The advantages of this are:

  • A user cannot download another persons security strings
  • Provisioning a mobile device prevents a user from downloading security strings to another device without being provisioned.

Each username may have one Mobile Client Provisioned. A request to provision a new mobile device or re-provision an existing mobile device that reaches the PINsafe server will invalidate the current security strings. This article explains how to provision or re-provision a PINsafe Mobile client.

This document supplements the existing documents for individual phone types:

For the Java Applet version see Swivlet How To Guide

For the Windows Mobile version see Windows Mobile How To Guide

For the iPhone client see IPhone

For the Android client see Android


Requirements

PINsafe Mobile Client that supports PINsafe 3.8 or higher provisioning

PINsafe appliances will need their proxy upgrade to handle the provisioning, see How to upgrade the appliance proxy for PINsafe 3.8


PINsafe Configuration

Mobile Provisioning

PINsafe 3.8 and higher requires each mobile phone to be provisioned so it can be uniquely identified. Ensure that all Mobile Client users have suitable Transports configured to receive their Provision Code. To provision the mobile client on the PINsafe Administration Console select User Management, locate the required user, click on the user to reveal the management functions and click Reprovision. The code sent to the user is valid for a length of time set under: PINsafe Administration Console select Policy/Self-Reset. Earlier versions of PINsafe do not need to use a Mobile Provision.

Image:PINsafe 3.8 User Administration User Management.jpg


On the PINsafe Administration Console log a message should indicate that the Mobile Provision Code has been successfully sent to the user:

Message sent to user: username, destination: username@emailaddress.com.

User "username" can now reprovision their mobile device.

Message added to message queue for user: username, destination: username@emailaddress.com.

Provision code created for user "username"


Mobile Self Provisioning

A user can be permitted to provision their own mobile device. To allow this, on the PINsafe Administration Console select Policy/Self-Reset then set the following parameters as required:

Allow user self-provision of mobile client: Default No, Options Yes/No

Log device information when provisioning: Default No, Options Yes/No

Provision Code Validity period (seconds): Default 600, Options 10-1000000 Note: this value is for all Mobile Provision Codes.

To configure the self Provision/Re-provision see the Mobile Re-Provision How to Guide


Obtaining a Provision code using the Self Provisioning feature

A user should be able to access the Provision page from https://ApplianceIP:8443/reset/provision.jsp as shown in the screenshot below:

Image:Provision code sent.PNG

However, this requires that you install the latest 3.8 compatible ResetPIN application. For further information see the ResetPIN upgrade for PINsafe 3.8 How To Guide article.


Mobile Client Configuration

Mobile clients may have some variation.

Note: Re-Provisioning a mobile client will invalidate the current security strings for the client.

From the PINsafe Mobile Client select settings, then select Re-Provision. A text box should appear to enter the Mobile Provision Code.

Image:PINsafe Android Client.png Image:PINsafe Android Client PINsafe Reprovision.jpg Image:PINsafe Android Client Provision Code.jpg


Enter the Mobile Provision Code and observe the screen input for a Provisioning. Please wait... message. When complete a Device Provisioned message briefly appears on the screen.

Image:PINsafe Android Client Provision Code entry.jpg Image:PINsafe Android Client Provision Code provisioning attempt.jpg Image:PINsafe Android Client Provision Device Provisioned.jpg


Verify Device Provisioning

On the PINsafe Administration console, check the logs for a provisioning message:

User "gfield" provisioned successfully


Error Messages

Failure Please check your settings or try again later. Message: Provision Failure

The following log message may be seen in the PINsafe Administration Console:

User "gfield" provision failed, A valid session could not be loaded or created for the user.

This can be caused by an incorrect Mobile Provision Code, or the time allowed for provisioning a device has been exceeded.

Note: The security strings on the mobile phone will be invalid until a succesful provision is carried out and a new set of security strings are downloaded.

Image:PINsafe Android Client Provision Failure.jpg


AgentXML request failed, error: No suitable authentication method for the user "qwerty" was found. The user may be missing from the user repository or a synchronisation has not yet occurred.

or

Mobile request from unknown user; the user needs to reprovision

A Mobile Provision Code was entered for a user who is not present on the PINsafe user database.

Retrieved from "http://kb.swivelsecure.com/wiki/index.php/Mobile_Provision_Code"
Personal tools