The Swivel iPhone 2.0 App Overview

Swivel Secure now offers a iPhone and iPad client for use with the Swivel platform. This article explains how to download, configure and use this client. For other phones see Mobile Phone Client for earlier versions.

Requirements

Swivel 3.10 or higher

iPhone, 4, 4S, 5, 5C, 5S and 6.

The Swivel virtual or hardware appliance must be reachable from the mobile phone to receive security strings

The index is required to be entered as nn on the end eaxample: 292401, Swivel versions earlier than 3.10 require ,nn example: 2924,01 otherwise it will see it as a dual channel authentication.

Valid certificate on the Swivel server or non SSL, but not a self signed certificate

Updating Transports Transport HTML

Versions

version 2.1.1 released: 21/02/2015

• QR Code Provision
• Push Authentication Support

version 2.0 released

• Simple User Interface
• Extra Mobile Policies
• Help Section
• Citrix Receiver VPN Client support (iPhone Only)
• Removal of comma from OTC,

Which version do I need?

Swivel Mobile version 3.10 or later, iOS 5.0 or later.

Swivel version 3.10, iOS 5.0 or later

iPhone Mobile Client 2.0 version 2.0, TBA, iOS 7.0 or later

Swivel Configuration

Configuring Mobile Client user access on the Swivel virtual or hardware appliance

To allow a user to authenticate using a One Time Code from a mobile app, the user must have Mobile app authentication enabled. To do this on the Swivel Administration console ensure that the group they are part of has access to the Mobile Client under Repository Groups.

Configuring the Swivel Authentication

Swivel can authenticate users using the mobile client to authenticate by RADIUS or Agent-XML authentication

• For RADIUS authentication see RADIUS Configuration Note: The access device must be configured to use PAP for authentication.

• For Agent-XML authentication see XML Authentication Configuration

Allow user to browse strings: Options Yes/No, Default No. Version 3.9.6 onwards. This option allows the Mobile Phone App user to browse through the security strings. Availability to this feature is server controlled.

Mobile Provisioning

Swivel 3.8 and higher requires each mobile phone to be provisioned so it can be uniquely identified. Ensure that all Mobile Client users have suitable Transports configured to receive their Provision Code. To provision the mobile client select the user and click Re-provision. Earlier versions of Swivel do not need to use a Mobile Provision Code. See Mobile Provision Code.

Mobile Client Policies

For the Server based policies see Mobile Client Policies 2.0 for previous versions see Mobile Client Policies

User Experience with 'Quick Provisioning'

iPhone app 2.0 deployment from Swivel Secure.

Swivel deployment process for the Mobile App. 2.0. The video shows a user receiving an email, from the Swivel platform providing the links and process to use their smartphone with Swivel for 2FA access.

iPhone Installation and Configuration

The Swivel iPhone Client 2.0 is available from the Apple App Store. You can click the icon below to open the App within iTunes, or follow the instructions in this article to navigate to the App within the App Store.

Download compatible with Swivel 3.10 onwards

Configuring the app

When you launch the app you will see the helper wizard, at the bottom of the screen there will be menu icons to guide you through the mobile client options.

Get Server Settings

If an SSD server is being used, select Get Server Settings and enter the Server ID. Otherwise the settings can be manually entered with information from the Swivel System administrator.

The settings are

1. Username: Your username that you use when you authenticate via Swivel
2. Server: The URL from where the client can download security strings (or keys)
3. Context: The context used by the web service. For a virtual or hardware appliance this is proxy, for a software install this is usually pinsafe
4. Port: The port number used by the web service. For an virtual or hardware appliance this is 8443, for a software only install see Software Only Installation

Once you have entered the settings you can select Submit in the header location of that page.

Mobile Provision Code

Swivel versions 3.10 and higher require each Mobile device to be Provisioned with a Code sent from the Swivel server. To provision a phone see Mobile Provision Code.

Downloading Security Strings

From the bottom menu there is a update keys button, pressing this will get you a new set of 99 security strings. This will attempt to retrieve Security Strings from the Swivel server.

If there are any problems and error message will be displayed

You can confirm that keys have been downloaded by checking the server logs

The Swivel server will display the following log message Security strings fetched for user: username

Options

The following options are available:

Auto extract OTC, Prompt for PIN Number to auto-extract OTC, Options, enable/disable. This option may be turned off on the Swivel server. When enabled this allows the user to enter their PIN number and a One Time Code will be displayed. Note that there is no error checking of the PIN, so if an incorrect PIN is entered an incorrect One Time Code will be displayed.

Allow String Browsing, This is a Swivel server controlled option, which if enabled will allow the user to browse through security strings on the mobile app.

Provision is numeric, allows the keyboard type to be either alpha numeric of numeric depending on the users provision code type.

Set Support Email Address. Set Support Phone Number. Set VPN client URL.

Authenticating with app

To use the Swivel iPhone app to authenticate is very simple.

1. Open the app. on your iPhone.
2. Select the key icon on the bottom menu.
3. Depending on your policy settings you will either be prompted for a PIN or immediately shown a One-Time-Code (OTC).
4. If you are asked for a PIN, enter the PIN number previously sent during the enrolment phase.
5. Enter the OTC into the authentication dialogue, make sure you enter all the characters.

If you need to authenticate again you can select the '<' or '>' button and a new string will be displayed (you may have to enter your PIN again).

Authenticating with app and Swivel

To use the Swivel iPhone app to authenticate is very simple.

1. Open the app on your iPhone.
2. Select the key icon on the bottom menu.
3. The client will show a security string with a row of placeholders 1234567890 below it.
4. Use your PIN to extract your One-Time-Code (OTC), eg if your PIN is 2468 take the 2nd 4th 6th and 8th characters of the security string.
5. In the example screen shoot the OTC would be: 1825.
6. After the OTC has been worked out, you will also need to ensure you type in the last two characters shown (the index).
7. Using the example screen shot you would type 182512.

If you need to authenticate again you can select the '<' or '>' button and a new string will be displayed.

Updating Keys

The client downloads 99 keys at a time and these keys are used one at a time until there are none left. However a new set of 99 keys can be downloaded at any time by selecting Update Keys. Downloading keys requires network connectivity so it is recommended that you download a new set of keys before the iPhone is likely to be without network connectivity for any length of time.

Troubleshooting

• Is the Swivel server accessible on the internet

• Check the connection settings to the Swivel server

• Check the Swivel logs for any error messages

• Can the phone access the internet

• If a RADIUS connection is seen from the access device to the Swivel server but authentication fails, try using PAP

• Download new security strings to the phone and retest

• Is the pin 6 characters when you only entered a 4 digit pin? If yes then enter all of the numbers you see on screen (the extra 2 are used as an index).

• Login fails and User receives a security string or One Time Code by SMS or email at each login attempt. Again make sure you are entering all of the numbers shown on screen.

• If the proxy port (8443) on the virtual or hardware appliance is being used, ensure that it supports the proxy request of the key retrieval using AgentXML. If this is the case then contact Support for an updated version of the Proxy.

• If you fail to authenticate successfully using the security string provided by the iPhone app please see iPhone authentication fails

Error Messages

Incorrect settings - please check your settings

The settings for downloading the security strings are incorrect. Verify what has been entered, and check what the values should be.

Timed Out

The settings for connecting to the Swivel server may be incorrect or the port is being blocked.

AGENT_ERROR_NO_SECURITY_STRINGS, AGENT ERROR NO SECURITY STRINGS

See AGENT ERROR NO SECURITY STRINGS

Not a valid command

This error message can be displayed when a mobile client app is attempted to be activated but uses an older version of the app. Remove previous versions of the app.

Cannot Open Page Safari cannot open the page because the address is invalid

The link to the provisioning is incorrect or will not open in Safari.

Known Issues and Limitations

• The current version only supports one device per user.

If the Mobile Client fails to provision through the One Step Provision process, exit the app and configure manually. An updated version Mobile Client App will be made available on the Apple store.

Legacy

Mobile Phone Compatibility

	3.4 - 3.8	http://itunes.apple.com/gb/app/pinsafe-iclient/id374241218
	3.8 - 3.10	https://itunes.apple.com/gb/app/swivel-mobile/id872975579

Keywords: iPhone, iClient, Swivel, App, AppStore, Apple, iPad