Documentation

 

 

Updated October 29, 2019

Introduction

SecureAuth Passcode is a desktop application that generates one-time passcodes (OTPs) to use for validation during the login process.

The Passcode app must first be connected to your user profile via a SecureAuth IdP app enrollment realm before it can be used.

Once connected, the app generates a new passcode (configured for 6 or 8 digits) every 60 seconds. Input the current passcode on the login page to gain access to the resource protected by SecureAuth IdP.

You can enroll more than one Passcode account on the app and manage these accounts on the app.

Version 19.10 of the Passcode app supports optional PIN protection, which, if configured, requires you to enter your PIN to view the OTP.

See the Release notes to learn about new features in this release.

CONTENTS OF THIS DOCUMENT:



What's new in Passcode Windows app v19.10

For Windows users only, a custom PIN of 4, 6, 8, or 10 digits can now be configured on the URL app enrollment realm running on SecureAuth IdP version 9.3. The PIN length corresponds to the security level to be enforced, where 10 digits is the highest security level.

If an app is upgraded to this latest version, any account existing on the app must be re-enrolled if it is connected to a realm that now requires a PIN with a security level exceeding 4 digits to view the OTP on the app.

 Sample Choose PIN and Enter PIN screens...

 

For Windows users only, Spanish language is supported on the user interface (UI). No special setting is necessary; if the workstation is set to Spanish, the UI will display Spanish by default. Some error messages, enrollment, and validation page messages are sent from SecureAuth IdP, so ensure that it has Spanish set so end users receive all messages in Spanish.



Prerequisites

End user: Minimum Windows workstation requirements

Supported OS versions 

Windows OS versions:

  • Windows 7 (32-bit or 64-bit)
  • Windows 8.1 (32-bit or 64-bit)
  • Windows 10 (32-bit or 64-bit)

Windows Server OS versions:

  • Windows Server 2008 R2 (32-bit or 64-bit)
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
Microsoft .NET
.NET Framework 4 or later

2. Download and install Passcode app version 19.10 on your desktop:

3. Get the web address of the SecureAuth IdP app enrollment realm (version 9.3) you should use to:

  • Enroll the app and provision it for Multi-Factor Authentication usage (if you do not have the app installed), or
  • Re-enroll the app for Multi-Factor Authentication usage if you are upgrading from version 2.0.x to version 19.10.

4. Proceed to the Installation Steps.

Administrator: Windows server setup requirements

Requirements for optional Roaming User Profile Group Policy Object (GPO)

Roaming user profiles, set up in Active Directory environments, let users with computers joined to a Windows server domain log on another computer on the same network to access documents.

To use roaming user profiles with the Passcode app:

NOTE:

  • Seed and PIN values are shared by all machines with Passcode apps installed.
  • Any change to seeds, PINs, and accounts appears on other machines after the Passcode app on another machine is restarted.
  • Refer to Multi-Factor App Enrollment (URL) realm configuration for additional information.

Installation configuration options

If you will use the Silent Install option to install Passcode on end-user workstations:

  • You can include the INSTALLDIR attribute in the silent installation syntax to install Passcode in a path other than the default location C:\Program Files (x86)\Passcode
  • You can include the ENROLLMENTURL attribute in the silent installation syntax. This pre-populates the URL in the Add Account screen the first time the end user starts the app.

Using this option:

  • You can configure the syntax to let the end user enter another web address to use instead of the one you provided.
  • You can specify the account enrollment URL to be used. This configuration means that any existing, provisioned account on the end user's machine will be deleted.



Installation steps 

Follow the installation steps for the Windows desktop.

Windows installation

1. Find the Passcode application you downloaded.

2. Choose either Wizard install or Silent install and follow the instructions for that option.

NOTE: The silent install option uses the Windows Command Line Interface (CLI) and requires administrator permissions. Be sure you have the syntax from the administrator before proceeding.

Wizard install 

1. Double-click the Passcode .msi file to start the InstallShield Wizard.

2. Click Next to continue.

3. Review the current settings, then click Next.

4. If the User Account Control (UAC) confirmation appears, then click Yes to start the installation.


6. Wait for the InstallShield Wizard to install the client application.


7. Click Finish.

Silent install 

1. Click Start and then initiate a command prompt as an administrator.

2. Execute the following syntax to perform a silent install:

  <installerPath>\PasscodeX_X_X.msi /quiet INSTALLDIR=<installDirectoryPath> ENROLLMENTURL=<enrollmentURLpath>

Example: 

      C:\users\admin\Downloads\PasscodeX_X_X.msi /quiet INSTALLDIR="C:\SecureAuth Files\Passcode" ENROLLMENTURL=secureauth.company.com

Optional installation steps:

  • Use the INSTALLDIR attribute to install Passcode in a non-default location – the default location is C:\Program Files (x86)\Passcode
  • Use the ENROLLMENTURL attribute to pre-populate the Add Account screen with the URL when starting the application for the first time.
    • If the administrator has specified an account enrollment URL in the command line syntax, then any existing provisioned account on your machine will be deleted.
    • If the default URL realm SecureAuth998 is used, then you only need to enter the Fully Qualified Domain Name – example: secureauth.company.com
    • If a realm other than the default realm is used for Multi-Factor Authentication URL app enrollment, then the entire URL address that includes the realm name is required – example: https://secureauth.company.com/secureauth2



Connect an account to your user profile 

1. Start the Passcode client application.

2. If this is a fresh install, then the Add Account screen appears. 

3. Enter the web address of the SecureAuth IdP app enrollment / OATH provisioning realm.

If the default URL realm SecureAuth998 is used, then you only need to enter the Fully Qualified Domain Name – example: secureauth.company.com

If a different realm is used for Multi-Factor Authentication URL app enrollment, then the entire URL address that includes the realm name is required – example: https://secureauth.company.com/secureauth2

4. Click Start.

5. Follow the configured workflow, which may include Multi-Factor Authentication.

The sample image shows the Username + Password Only (on first page) workflow option.

6. Set the PIN (if required in the app enrollment realm configuration) and click Enter

PIN VALUE RESTRICTIONS:

    • Cannot contain consecutive, repeating digits – example: 33333333 or 1111
    • Cannot be forward or backwards sequential – example: 123456 or 87654321

PIN RULES:

    • If upgrading from an earlier version of the app, then you are prompted to create a PIN and re-connect to your profile if the realm requires a PIN.
    • An account on the app must be re-enrolled for multi-factor authentication if the connected realm now requires a PIN entry.
    • If accounts on the app use different PIN lengths, then the highest security setting (maximum 10 digits) is enforced for use on the app. To apply the highest security setting to all accounts, you must re-enroll accounts that are not using the highest security setting.
    • If multiple accounts exist on the app, you must create a new PIN whenever you:
      • Add an account that requires a higher security setting, or
      • Delete the account that used the highest security setting.

7. Confirm the PIN, and click Enter again.

The OTP panel appears with the current one-time passcode (OTP) that can be used for Multi-Factor Authentication.



App account management

Use the app

1. Start the app on your desktop. 

2. Enter your PIN, if prompted.

3. The OTP panel appears showing a passcode 6 to 8 digits in length for each account tile on the app.

The blue bar beneath the passcode indicates how much time remains to use the passcode for login, as configured by the administrator.

The bar turns red when 10 seconds remain to use the current passcode. When the time has elapsed, a new passcode appears.

4. Click Copy to copy the passcode to the clipboard for easy pasting on the login page.

Toolbar

Click the icon on the toolbar to execute the function described to the right:

Home

The OTP panel appears with the current passcode for each account on a connected domain.
Add AccountThe Add Account screen appears so you can connect an account to an additional domain.
Edit Accounts

The Edit Accounts screen appears on which you can rename, re-enroll, reorder, and delete accounts.

Change PINThe PIN Selection screen appears so you can update the registered PIN.
AboutWindows app only: The About screen appears which displays the Passcode app version number.
Minimize / QuitWindows app only: The application minimizes / is exited.

Edit accounts screen 

Clicking the pencil icon puts the app in edit mode, providing functions described below.

Click the icon on the account tile to enable the function described to the right:

RenameLets you rename a connected account.
Re-enroll

Clears out account connection data and restarts the account connection process.

ReorderLets you organize the account tiles on the OTP panel.
DeleteLets you remove a connected account.



End user experience

1. Log on the realm you want to access and proceed through the configured workflow.

2. On the Multi-Factor Authentication methods page, select the Time-based Passcode option from the list.

3. Click Submit.

4. Start the Passcode app.

5. If a PIN is required to unlock the app, input the PIN and click Enter.

6. On the OTP panel, click Copy on the account tile to copy the passcode.

7. Paste the passcode in the Passcode box on the login page.

8. Click Submit to access to the realm.


Release notes 

New features and enhancements

Version: 19.10
Release date: October 29, 2019
Compatibility: SecureAuth IdP v9.3.x or later

OTP-58SecureAuth Passcode for Windows supports an optional security feature requiring a custom PIN (4, 6, 8, or 10 digits) to access a passcode from the app.
OTP-74SecureAuth Passcode for Windows supports Spanish on the UI. No special setting is necessary; if the workstation is set to Spanish, the UI will display Spanish by default.



Related documentation

Multi-Factor App Enrollment (URL) realm configuration

SecureAuth Authenticate app for iOS and Android v5.2

Previous version of Passcode for Mac

SecureAuth Passcode for Mac v2.0

Previous version of Passcode for Windows

SecureAuth Passcode for Windows v2.0.1