Manage soft token authenticators
Available soft token authenticators
The following soft token authenticators are available on Identity as a Service:
Entrust Soft Token
An Entrust Soft Token (ST) is an authentication token provided by Entrust for use with its various authentication platforms. When assigned to a user, Identity as a Service requires that those who have been assigned this authenticator provide a specific challenge response generated by the Entrust ST application. A user using a mobile device with an Internet connection can also use an enhanced Entrust ST feature called Push NotificationPush NotificationPush Notification automatically prompts the user to authenticate on their mobile device when they authenticate on Identity as a Service. .
SDK Soft Token
A custom mobile soft token app that generates a one-time password (OTP) to allow users to access applications.
Legacy Token
A custom mobile soft token app that generates a one-time password (OTP) to allow users to access applications.
Google Authenticator
A Google authenticator is soft token app that generates a one-time password (OTP) to allow users to access applications. The default name is Google Authenticator. This name can be changed (see Customize email templates). When the name is changed, the new name updates throughout, including authenticator settings (see Modify Google authenticator settings).
About soft token authenticators
A user can have multiple soft tokens. For example, if a user with multiple mobile devices might want to add a soft token to each one.
Administrators can assign soft tokens to users using the following methods:
- Automatically assign users a soft token. If the user has an email address, the user receives an email with instructions to activate their Entrust ST tokens. See Manage General settings for information on automatically assigning Entrust Soft Tokens to users.
- Add a soft token to a user's profile
Users can also add soft tokens to their accounts
Before assigning authenticators to users, review the authenticator settings and change them as required. See Modify Entrust Soft Token (ST) authenticator settings.
Topics in this section
Modify Entrust Soft Token authenticator settings
Review the Entrust Soft Token authenticator settings, and edit them as required. Changes made to these settings apply to all assigned Entrust Soft Tokens in your account.
Assign and activate Entrust Soft Token authenticators
Assign Entrust Soft Tokens to users
Unlock an Entrust Soft Token app
If a user enters an incorrect log in PIN in their Entrust Soft Token app too many times, the application is locked. The user must provide you with the PIN Reset code that appears on their Entrust Soft Token app for you to complete this procedure and unlock the Entrust Soft Token app.
Modify Google authenticator settings
Changes made to Google authenticator settings apply to all assigned Google authenticators in your account.
Activate a Google authenticator
You can assign a Google Authenticator to yourself or any user that you manage. Before you begin, ensure that you have access to a mobile device with a Google Authenticator application installed.
Synchronize a soft token authenticator
If a user tries to use their soft token to authenticate and it does not work, it is possible there is a difference between the time settings on the user's mobile device and those on your Identity as a Service account. Use the Synchronize function to resolve this issue. Before you begin, ask the user to ensure that the clock of their mobile device and cell carrier are synchronized.
Manage soft tokens
You can enable, disable, and delete Entrust Soft Token and Google authenticators. You can also view the details of the soft token authenticator, such as the date it was created, when it was last used, its state, type, and whether it supports push authentication.
Edit a token label
This option enables you to edit a soft token label. This is useful is you have multiple soft tokens or want to replace a serial number with an easy to remember label. For example, a user might be assigned a soft token to use on their phone and another soft token for their tablet. The labels My Phone and My Tablet are easier to identify than a serial number.
Manage Soft Token SDKs
If you have a custom Soft Token SDK, use this procedure to add your custom Soft Token SDK to Identity as a Service. Once you add the Soft Token SDK, you can configure custom push messages.