
Manage grid card authenticators

Grid authentication uses cards with a grid as the authentication lookup tool. When a user is asked to authenticate with a grid, the challenge presents the user with coordinates, for example, B3, H1. The user looks up the challenge coordinates on their grid card and responds by typing the corresponding values. For example, using the sample grid card shown below, the correct response to the challenge B3, H1 is E 5.

A grid card is similar to the one shown in this example. Every grid card includes a unique serial ID. A user can have multiple grid cards.

Grid Card example
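
As an added illustration (not Entrust's implementation and not code from this page), the following Python models the challenge and response check described above. The 10 by 5 card layout, the function names, the serial value, and the tolerance for spaces and letter case are assumptions; the sample card is constructed so that B3 and H1 hold E and 5, matching the example.

```python
import hmac
import secrets
import string

COLUMNS = "ABCDEFGHIJ"   # assumed card layout: 10 columns ...
ROWS = range(1, 6)       # ... by 5 rows
ALPHABET = string.ascii_uppercase + string.digits


def new_card(serial):
    """Create a card: a serial ID plus one random character per coordinate."""
    cells = {f"{c}{r}": secrets.choice(ALPHABET) for c in COLUMNS for r in ROWS}
    return {"serial": serial, "cells": cells}


def new_challenge(card, count=2):
    """Pick `count` distinct coordinates using the OS random source."""
    return secrets.SystemRandom().sample(sorted(card["cells"]), count)


def verify(card, challenge, response):
    """Check the response against the challenged cells, in challenge order."""
    expected = "".join(card["cells"][coord] for coord in challenge)
    given = "".join(response.split()).upper()  # assumption: ignore spaces and case
    # Constant-time comparison so timing does not reveal how many characters matched.
    return hmac.compare_digest(expected.encode(), given.encode())


# Constructed sample card (hypothetical serial). Two cells are pinned so the
# page's example holds: challenge B3, H1 -> response "E 5".
SAMPLE_CARD = new_card("CONSTRUCTED-0001")
SAMPLE_CARD["cells"].update({"B3": "E", "H1": "5"})

if __name__ == "__main__":
    print(verify(SAMPLE_CARD, ["B3", "H1"], "E 5"))   # correct values, correct order
    print(verify(SAMPLE_CARD, ["B3", "H1"], "5 E"))   # right values, wrong order
    challenge = new_challenge(SAMPLE_CARD)
    print(challenge, verify(SAMPLE_CARD, challenge, "??"))
```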

Typically, your organization creates grid cards, distributes them to users, and then assigns the grid card serial numbers to users. Users can also self-register their grid cards on the User portal.

Complete the following to configure your Identity as a Service account for grid authentication:

  • Ensure that you have the required permissions to complete all of the grid card management tasks

    Administrators must have a role with the following User Grid Card Management permissions to manage grid cards:

    • Add-level access to assign grid cards to users
    • Remove-level access to delete a grid card
    • View-level access to view the list of grid cards assigned to a user
    • Edit-level access to enable or disable a grid card
    • All-level access to view grid card details and print or export grid cards
  • Ensure that grid is set as an authentication option for the Identity as a Service application (see Create and manage resource rules).

  • Customize the Grid Card authenticator settings as required.

  • Assign grid cards to users

Note

An Identity as a Service account can have a maximum of 5000 unassigned grid cards.

Grid card state

Identity as a Service supports the following grid card states:

  • ACTIVE — The grid card has been used at least one time. The last used date of the imported card will be set to the current date.
  • INACTIVE — The grid card cannot be used at this time.
  • UNASSIGNED — The grid card has not been assigned to a user.
  • PENDING — The grid card can be used for authentication. The first time the user successfully authenticates with the grid card, the card state changes to ACTIVE.
  • CANCELED — The grid card can no longer be used. Canceled grid cards count toward the maximum number of grid cards a user can have. Canceled grid cards:
    • Can be deleted
    • Cannot go back to another state
    • Cannot be used for authentication
    • Cannot be unassigned
  • If not specified, the default state is PENDING.

Note

The state column is not case-sensitive. For example, Active, active, and ACTIVE are all recognized.

Migrating Entrust Identity grid cards to Identity as a Service

To migrate Entrust Identity grid cards to Identity as a Service, use the instructions in the Entrust Identity Enterprise to Entrust Identity as a Service Migration Guide available on Entrust Trusted Care. Once logged in to Trusted Care, do the following:

  1. Click Products.
  2. On the My Products page navigate to Identity Enterprise > Identity to IDaaS Migration Tool.
  3. On the Identity Enterprise to Identity as a Service Migration Tool page, click Documents.
  4. Click Download next to Migration Guide: Entrust Identity to IDaaS.

The Entrust Identity Migration operation converts the grid card state as follows:

| Entrust Identity State | Identity as a Service State |
|------------------------|-----------------------------|
| CURRENT                | ACTIVE                      |
| HOLD                   | INACTIVE                    |
| HOLD PENDING           | INACTIVE                    |
| PENDING                | PENDING                     |
| CANCELED               | CANCELED                    |
