Mobile Provision Code

From Swivel Knowledgebase
Jump to: navigation, search

Mobile Provision Code Overview

Swivel Core Verion information

Swivel version 3.10.4

QR Code Provision

Swivel version 3.10

Swivel version 3.10 onwards supports one step Mobile Client Provisioning using a Provision URL and a Site ID.

Swivel version 3.8

From Swivel 3.8 onwards the Swivel Mobile client must be provisioned to allow the Mobile client to download security strings for a user. The advantages of this are:

  • A user cannot download another persons security strings
  • Provisioning a mobile device prevents a user from downloading security strings to another device without being provisioned.

Each username may have one Mobile Client Provisioned. A request to provision a new mobile device or re-provision an existing mobile device that reaches the Swivel server will invalidate the current security strings. This article explains how to provision or re-provision a Swivel Mobile client.

This document supplements the existing documents for individual phone types.

For information on how a user can self provision or request a new provision code see Mobile Re-Provision How to Guide


Supported Mobile device

Swivel Mobile Client installed that supports Swivel 3.8 or higher provisioning, see Mobile Phone Client

Swivel appliances will need their proxy upgrade to handle the provisioning, see Appliance Proxy Server Upgrade

If a Swivel cluster is configured with multiple servers, then session sharing should be enabled, otherwise the provision code is stored in memory and only valid on the Swivel instance that it is generated.

Ensure Provision code settings are configured across multiple Swivel instances.

Swivel Configuration

Mobile Provisioning

Swivel 3.8 and higher requires each mobile phone to be provisioned so it can be uniquely identified. Ensure that all Mobile Client users have suitable Transports configured to receive their Provision Code. To provision the mobile client on the Swivel Administration Console select User Management, locate the required user, click on the user to reveal the management functions and click Reprovision. The code sent to the user is valid for a length of time set under: Swivel Administration Console select Policy/Self-Reset. Earlier versions of Swivel do not need to use a Mobile Provision. From version 3.9.7 the user is sent a Provision URL.

PINsafe 3.8 User Administration User Management.jpg

On the Swivel Administration Console log a message should indicate that the Mobile Provision Code has been successfully sent to the user:

Message sent to user: username, destination:

User "username" can now reprovision their mobile device.

Message added to message queue for user: username, destination:

Provision code created for user "username"

Mobile Self Provisioning

A user can be permitted to provision their own mobile device. To allow this, on the Swivel Administration Console select Policy/Self-Reset then set the following parameters as required:

Allow user self-provision of mobile client: Default No, Options Yes/No

Log device information when provisioning: Default No, Options Yes/No

Provision Code Validity period (seconds): Default 600, Options 10-1000000 Note: this value is for all Mobile Provision Codes.

To configure the self Provision/Re-provision see the Mobile Re-Provision How to Guide

Obtaining a Provision code using the Self Provisioning feature

A user should be able to access the Provision page of either the User Portal or from the resetPIN utility using https://ApplianceIP:8443/reset/provision.jsp. From version 3.9.7 this can sbe sent as a Provision URL.

Mobile Client Configuration

If a SSD has been configured then the settings can be automatically pulled from the Swivel server, together with any Mobile Client Policies.

Mobile clients may have some variation.

Note: Re-Provisioning a mobile client will invalidate the current security strings for the client.

From the Swivel Mobile Client select settings, then select Re-Provision. A text box should appear to enter the Mobile Provision Code.

PINsafe Android Client.png PINsafe Android Client PINsafe Reprovision.jpg PINsafe Android Client Provision Code.jpg

Enter the Mobile Provision Code and observe the screen input for a Provisioning. Please wait... message. When complete a Device Provisioned message briefly appears on the screen.

PINsafe Android Client Provision Code entry.jpg PINsafe Android Client Provision Code provisioning attempt.jpg PINsafe Android Client Provision Device Provisioned.jpg

Verify Device Provisioning

On the Swivel Administration console, check the logs for a provisioning message:

User "gfield" provisioned successfully

Error Messages

Error Server, Unknown Server ID

The Site ID may not exist or may not have been entered.

Error Server Connection

The server details are missing or incorrect

Invalid Username

The User may not exist on the Swivel server.

Invalid Provision Code

The provision code is not valid or has already been used.

User not set

No username has been entered under options. Enter the username and retry.

Error Dowloading Security Strings

The user may not be a member of an appropriate group with Mobile Client authentication enabled

Failure Please check your settings or try again later. Message: Provision Failure

The following log message may be seen in the Swivel Administration Console:

User "gfield" provision failed, A valid session could not be loaded or created for the user.

This can be caused by an incorrect Mobile Provision Code, or the time allowed for provisioning a device has been exceeded.

Note: The security strings on the mobile phone will be invalid until a successful provision is carried out and a new set of security strings are downloaded.

PINsafe Android Client Provision Failure.jpg

AgentXML request failed, error: No suitable authentication method for the user "qwerty" was found. The user may be missing from the user repository or a synchronisation has not yet occurred.


Mobile request from unknown user; the user needs to reprovision

A Mobile Provision Code was entered for a user who is not present on the Swivel user database.