Skip to main content

Configure Identity Platform for HID hard token provisioning and use

There are two distinct SecureAuth IdP realm configurations required to provision and use HID hard tokens:

Provisioning

HID hard token provisioning which assigns the token to the user profile. To provision HID hard tokens for use in Multi-Factor Authentication, you can use the Account Management (Help Desk) page to add the OATH Seed value of the hard token to user profiles. 

Utilization

Utilization of HID hard tokens for Multi-Factor Authentication in other realms. To enable the use of HID hard tokens for Multi-Factor Authentication in other SecureAuth IdP realm(s), you will need to configure those applicable realms to support HID hard tokens. 

Hard token provisioning (Account Management) realm

The following steps are required in addition to configuration of the Account Management (Help Desk) realm. This allows you to administer and assign HID hard tokens to user profiles.

To learn more, see Account management page configuration.

  1. Go to the Data tab.

  2. In the Profile Fields section, set the following:

    OATH Seed Property

    Map this property to a directory field.

    The directory field must meet the following requirements:

    • Directory string syntax (2.5.5.12)

    • rangeUpper of 4096+

    Data format

    Set to Advanced Encryption.

    Writeable

    Select this check box.

    44826942.png
  3. Save your changes.

  4. Go to the Post Authentication tab.

  5. In the Post Authentication section, set the Authenticated User Redirect field to Account Management.

    44826946.png
  6. Save your changes.

  7. In the Identity Management section, click the Configure help desk page link.

    44826945.png
  8. In the OATH Seed field, set to Show Enabled.

    44826944.png
  9. Save your changes.

Configure realms to use HID hard tokens

Configuration is required in all realms using HID hard tokens for Multi-Factor Authentication.

  1. Go to the Registration Methods / Multi-Factor Methods tab.

  2. In the Registration Configuration / Multi-Factor Configuration section under Time-based Passcodes (OATH), set the following:

    Passcode length

    Set to 8 digits.

    Passcode Change Interval

    Set to 30 seconds.

    Passcode Offset

    Set the time at least 5 minutes or longer.

    Cache Lockout Duration

    Set to 10 minutes.

    44826943.png
  3. Save your changes.

Next steps

SecureAuth Hard Token Decrypt Tool

Provision and assign HID hard tokens to user profiles