Difference between revisions of "How To Configure OATH Mobile"
(→Troubleshooting) |
(→Troubleshooting) |
||
Line 49: | Line 49: | ||
'''Security code is showing instead of OATH Token''' | '''Security code is showing instead of OATH Token''' | ||
− | |||
+ | Please ensure that the SSD server for that Site ID has been configured as OATH and local mode is set to false. | ||
After changing the setting in SSD server, the users must me re-provisioned. | After changing the setting in SSD server, the users must me re-provisioned. | ||
Revision as of 07:59, 5 September 2017
Contents
Overview
OATH authentication allows a mobile device to be prompted a new OTC every 60 seconds without requiring the connection to AuthControl Sentry. If the device is provisioned on OATH mode, push Authentication cannot be used.
Prerequisites
Swivel AuthControl Sentry v4 onwards
Swivel Mobile Phone Client Version v4 for One Touch Mobile client based solution.
Swivel Server Details SSD for mobile client with OATH enabled.
Swivel core configuration
In order for a user to be able to use the mobile app as a OATH token they must be allocated the right to use the OATH mode of operation. This is done by ensuring that they are a member of a group that has this right.
Mobile client users must install the Swivel Mobile Phone Client from the app store.
Configuring OATH policy settings
On the Swivel Administration console select Policy/Self-Reset and ensure the below settings are configured:
Set Mobile App OATH Mode to Yes
Set Mobile App Local Mode to No
Define a group of Mobile OATH users
On the Swivel Administration console, select a group of users that will be using Mobile OATH authentication and ensure that the OATH box is ticked then click Apply.
OATH Mobile Users
Testing
For testing OATH you can click App provision button on the user admin screen for the user that has been configured as a mobile OATH user and then provision the device with the URL or QR Code as explained:
Provision the device via URL. Please read more on Provision URL page.
Provision the device via QR code. Please read more on QR Code page.
Troubleshooting
Security code is showing instead of OATH Token
Please ensure that the SSD server for that Site ID has been configured as OATH and local mode is set to false. After changing the setting in SSD server, the users must me re-provisioned.
Check the Swivel logs for error messages
Error Messages:
CANNOT_CREATE_TOKEN for the <username> user does not belong to the OATH Group
This error can be seen where the button App Provision is clicked on the User Admin Console and the user does not have OATH permission. To solve that you need to add the OATH right to the group the user is member of.
OATH token does not allow the authentication.
When you click Provision App ensure that a token for that user has been created. For that you can go to the OATH/OATH Tokens screen and check that a new token has been created for that user.
If the token has not been created, ensure that the policy Mobile App OATH Mode is set to Yes.