2.0 Mobile Clients Administration

From Swivel Knowledgebase
Jump to: navigation, search



The Swivel iPhone App v2 Overview

Swivel Secure now offers a new and improved iPhone and iPad client for use with the Swivel platform. This article explains how to download, configure and use this client. For other phones see Mobile Phone Client.


Requirements

iPhone, 4S, 5, 5C and 5S

The Swivel virtual or hardware appliance must be reachable from the mobile phone to receive a Security string

Security strings must be entered as seen on the screen (previous versions had a comma to seperate the index and number, this has been removed from this version)

Virtual or hardware appliances using Swivel 3.10 may require an upgrade on their proxy to provision a mobile device, see Appliance Proxy Server Upgrade


Versions

version 2.0 BETA release around 1st May 2014

  • Navigate back and forward through security strings
  • URL provisioning


Which version do I need?

Swivel version 2.0, 1st May 2014. For Swivel version 3.10, iOS 5.0 or later


Swivel Configuration

Configuring Mobile Client user access on the Swivel virtual or hardware appliance

To allow a user to authenticate using a One Time Code from a mobile app, the user must have Mobile app authentication enabled. To do this on the Swivel Administration console ensure that the group they are part of has access to the Mobile Client under Repository Groups.


Configuring the Swivel Authentication

Swivel can authenticate users using the mobile client to authenticate by RADIUS or Agent-XML authentication

  • For RADIUS authentication see RADIUS Configuration Note: The access device must be configured to use PAP for authentication.

Allow user to browse strings: Options Yes/No, Default No. Version 3.9.6 onwards. This option allows the Mobile Phone App user to browse through the security strings. Availability to this feature is server controlled.

Provision Number Is Numeric: Options Yes/No, Default No. Version 3.10 onwards. This option allows the Mobile Phone App user to set the keyboard input type for the provision ID field. Availability to this feature is server controlled.

Sync Index: Options Yes/No, default No. Version 3.10.2. Version 3.10.2 onwards. When set to yes a check is made when the next Security string or One Time Code is requested from the App, if it has not been used, then it will not show the next available value. If set to No, the user can go to the next whether the previous has been used or not.

Support Email Address: Options String Data, Default "". Version 3.10 onwards. This option allows the Admin to set a support email address so that the mobile client can be pre-configured to email the support desk. Availability to this feature is server controlled.

Support Phone Number: Options String Data, Default "". Version 3.10 onwards. This option allows the Admin to set a support phone number so that the mobile client can be pre-configured to phone the support desk. Availability to this feature is server controlled.

VPN URL Scheme: Options String Data, Default "". Version 3.10 onwards. This option allows the Admin to set a vpn url so that the vpn client can be launched directly from the mobile app. Availability to this feature is server controlled.


Mobile Provisioning

Swivel 3.10 and higher requires each mobile phone to be provisioned so it can be uniquely identified. Ensure that all Mobile Client users have suitable Transports configured to receive their Provision Code. To provision the mobile client select the user and click Re-provision. Earlier versions of Swivel do not need to use a Mobile Provision Code. See Mobile Provision Code.


Mobile Client Policies

For the Server based policies see Mobile Client Policies


iPhone Installation and Configuration

The Swivel iPhone iClient is available from the Apple App Store. You can click the icon below to open the App within iTunes, or follow the instructions in this article to navigate to the App within the App Store.


Download compatible with Swivel 3.8 onwards

IOS mobile app icon.jpg


Configuring the app

When you launch the app you will see the bottom navigation screen this will allow you to browse the menu options avaiable, from here you can choose the server settings and enter the server ID you have been emailed.

Get Server Settings

If a SSD server is being used, then select Server Settings and enter the Server ID, otherwise the settings can be manually entered with information from the Swivel System administrator. You can reach the manual setting from the server settings page.


IClientConfig.PNG


The settings are

  1. User Your username that you use when you authenticate via Swivel
  2. Webservice URL The URL from where the client can download security strings (or keys)
  3. Webservice Port The port number used by the web service. For an virtual or hardware appliance this is 8443, for a software install this is 8080
  4. Webservice Context The context used by the web service. For a virtual or hardware appliance this is proxy, for a software install this is usually pinsafe

Once you have entered the settings you can select Submit.


Mobile Provision Code

Swivel versions 3.10 and higher require each Mobile device to be Provisioned with a Code sent from the Swivel server. To provision a phone see Mobile Provision Code.


Downloading Security Strings

From the main menu where you can test the settings by Selecting the Update Keys option. This will attempt to retrieve Security Strings from the Swivel server.

Ios app update keys pre.png Ios app update keys post.png

If there are any problems and error message will be displayed

You can confirm that keys have been downloaded by checking the server logs

The Swivel server will display the following log message Security strings fetched for user: username


Options

The following options are available:

Auto extract OTC, Prompt for PIN Number to auto-extract OTC, Options, enable/disable. This option may be turned off on the Swivel server. When enabled ths allows the user to enter their PIN number and a One Time Code will be displayed. Note that there is no error checking of the PIN, so if an incorrect PIN is entered an incorrect One Time Code will be displayed.

Allow String Browsing, This is a Swivel server controlled option, which if enabled will allow the user to browse through security strings on the mobile app.


Authenticating with app and PINsafe

To use the Swivel iPhone app to authenticate is very simple.

  1. Open the app on your iPhone
  2. Select Authenticate
  3. The client will show a security string with a row of placeholders 1234567890 above it.
  4. Use your PIN to extract your one-time code, eg if your PIN is 2468 take the 2nd 4th 6th and 8th characters of the Security String, 1870 in the example.
  5. Enter the OTC into the authentication dialogue, including the ',' and the following 2 digits. e.g. 1870,02

If you need to authenticate again you can select the 'Next' button and a new string will be displayed


13authascreen.png


Updating Keys

The client downloads 99 keys at a time and these keys are used one at a time until there are none left. However a new set of 99 keys can be downloaded at any time by selecting Update Keys. Downloading keys requires network connectivity so it is recommended that you download a new set of keys before the iPhone is likely to be without network connectivity for any length of time.


Troubleshooting

  • Is the Swivel server accessible on the internet
  • Check the connection settings to the Swivel server
  • Check the Swivel logs for any error messages
  • Can the phone access the internet
  • If a RADIUS connection is seen from the access device to the Swivel server but authentication fails, try using PAP
  • Download new security strings to the phone and retest
  • Is the OTC being entered with the comma and last two digits. E.g. 7329,62
  • Login fails and User receives a security string or One Time Code by SMS or email at each login attempt. The index is required to be entered as nn on the end eaxample: 292401, Swivel versions earlier than 3.10 require ,nn example: 2924,01 otherwise it will see it as a dual channel authentication.
  • If the proxy port (8443) on the virtual or hardware appliance is being used, ensure that it supports the proxy request of the key retrieval using AgentXML. If this is the case then contact Support for an updated version of the Proxy.


Error Messages

Incorrect settings - please check your settings

The settings for downloading the security strings are incorrect. Verify what has been entered, and check what the values should be.


Timed Out

The settings for connecting to the Swivel server may be incorrect or the port is being blocked.


AGENT_ERROR_NO_SECURITY_STRINGS, AGENT ERROR NO SECURITY STRINGS

See AGENT ERROR NO SECURITY STRINGS


Tested Mobile Phones

The following phones have been tested

Mobile Phone Compatibility
Manufacturer Model Version Operator Compatible Y/N
Apple 5 7 - Y
Apple 5 6.1.4 O2 Y
Apple 4 4.3.3 Vodafone Y
Apple 3GS 4.0 Not Known Y
Apple 3G 4.0 Deutche Telekom Y

The iPhone applet will also work on the iPad


Known Issues and Limitations

  • The current version only supports one device per user.
  • Currently only 4 digit PIN numbers are supported within the iPhone iClient (3.7 and earlier). This limitation does not affect the iPhone app Swivel 1.1 which is compatible with Swivel 3.8 onwards.
  • iPhone Client 1.1 selecting the settings option will cause the iPhone client to be re-provisioned.
  • iPhone Client 1.0 and 1.1 only support the use of number in the security string.
  • iPhone Update to iOS7 is incompatible with version 1.4 and below of the Swivel mobile app. The application should update automatically but if not then you can update through the app store. (This limitation does not apply to the older Swivel mobile app)

Keywords: iPhone, iClient, Swivel, App, AppStore, Apple, iPad


Legacy

Download compatible with Swivel 3.7 and earlier

PINsafe iClient.PNG

Retrieved from "https://kb.swivelsecure.com/w/index.php?title=2.0_Mobile_Clients_Administration&oldid=1721"