Configure Identity Platform for HID hard token provisioning and use
There are two distinct SecureAuth IdP realm configurations required to provision and use HID hard tokens:
- Provisioning
HID hard token provisioning which assigns the token to the user profile. To provision HID hard tokens for use in Multi-Factor Authentication, you can use the Account Management (Help Desk) page to add the OATH Seed value of the hard token to user profiles.
- Utilization
Utilization of HID hard tokens for Multi-Factor Authentication in other realms. To enable the use of HID hard tokens for Multi-Factor Authentication in other SecureAuth IdP realm(s), you will need to configure those applicable realms to support HID hard tokens.
Hard token provisioning (Account Management) realm
The following steps are required in addition to configuration of the Account Management (Help Desk) realm. This allows you to administer and assign HID hard tokens to user profiles.
To learn more, see Account management page configuration.
Go to the Data tab.
In the Profile Fields section, set the following:
OATH Seed Property
Map this property to a directory field.
The directory field must meet the following requirements:
Directory string syntax (2.5.5.12)
rangeUpper of 4096+
Data format
Set to Advanced Encryption.
Writeable
Select this check box.
Save your changes.
Go to the Post Authentication tab.
In the Post Authentication section, set the Authenticated User Redirect field to Account Management.
Save your changes.
In the Identity Management section, click the Configure help desk page link.
In the OATH Seed field, set to Show Enabled.
Save your changes.
Configure realms to use HID hard tokens
Configuration is required in all realms using HID hard tokens for Multi-Factor Authentication.
Go to the Registration Methods / Multi-Factor Methods tab.
In the Registration Configuration / Multi-Factor Configuration section under Time-based Passcodes (OATH), set the following:
Passcode length
Set to 8 digits.
Passcode Change Interval
Set to 30 seconds.
Passcode Offset
Set the time at least 5 minutes or longer.
Cache Lockout Duration
Set to 10 minutes.
Save your changes.
Next steps
SecureAuth Hard Token Decrypt Tool
Self-service page: Provision and add a HID hard token
Help Desk page: Provision and assign HID hard tokens to user profiles