DualShield provides many types of hardware & software tokens. The provisioning service portal is a web-based console where users can manage and download their tokens. 

 


Installation

The provisioning service portal is automatically installed as a component of the DualShield Provisioning Server.

The DualShield Provisioning Server is designed to run as a standalone server application. However, the DualShield installation program always installs a copy of the Provisioning Server as a service in the platform, in the same location as the DualShield authentication server and management console.

The default Provisioning Server installed by the DualShield installation program is accessible by the URL below:

http(s)://dualshield-server-domain-name:8072/dps/

where:

  • dualshield-server-domain-name is the domain name of your DualShield server
  • 8072 is the default port of the Provisioning Server

You can install a separate, standalone Provisioning Server, depending on your requirements and infrastructure.

 


Configuration

During the installation of DualShield, an application named "Provisioning Server" was automatically created for the provisioning service module.

A logon procedure named "DPS" was also created, and given a single logon step that used "Static Password" authentication.

The initial settings of the application, logon procedure and logon step are listed below;


Initial settings for the application "Provisioning Server" after installation of DualShield; 

Initial settings for the Logon Procedure "DPS" after installation of DualShield; 

Initial settings of the Logon Steps for the Logon Procedure "DPS" after installation of DualShield; 


Before the provisioning service portal can be accessed by the users we will need to perform the following configuration steps;

  • Define the realm
  • Edit the default logon steps (optional)
  • Configure the self service policy settings for the emergency code module
  • Publish the emergency code module
  • Perform self tests on the application "Provisioning Server"

Defining the Realm

Assuming that you have already created one or more user domains that will be placed in the realm "Provisioning Server", we will now examine the procedure that will define the realm;



The Realm for the Password Reset Module may be defined using the following procedure;


  1.  Navigate to Authentication | Realms

    1. From the Home page of the Management Console, left click on the menu item "Authentication", then select "Realms".


       
    2. A new tab "Realm" will now open.


     

  2. Left click on the context menu of the realm "Provisioning Server", then select "Domains"; 


     
  3. A new window will now open titled "Domains"

    Select the domains that you wish to assign to the realm of the provisioning server, then click on "Save".



      
  4. You have now defined the realm "Provisioning Server".



Logon Procedure and Logon Steps

Optionally, you may choose to customise the default logon procedure and logon steps.

By default the logon procedure "DPS" uses only one logon step (using "Static Password" authentication code), but the logon steps can be customised;


 

The logon steps can be customised using the following procedure;


  1.  Navigate to Authentication | Logon Procedure

    1. From the Home page of the Management Console, left click on the menu item "Authentication", then select "Logon Procedures".


       
    2. A new tab "Logon Procedure" will now open.


       
    3. You have now navigated to the "Logon Procedure" tab.


      
  2. Left click on the context menu icon of the logon procedure "DPS", then select "Logon Steps";


        
  3. A new window will open titled "Logon Steps – View";


     
  4. If you want to edit the first logon step, this can be achieved by left clicking on the context menu of the step then selecting "Edit".

    A new window titled "Logon Step – 1" will now open;

    You can now replace the default authentication method with one or more alternative methods for this step then click "Save".


     
  5. You can create as many additional steps as you wish (e.g. "Computer Fingerprint" for Step 2);

    To create additional steps click on the "Create" button;
     


    A new window will open titled "Logon Step – New"; 

    For each additional step, select as many authenticators as you require for this step then click on "Save".


     
  6. When you have added all the steps you require click on the "Close" button.


     
  7. You have now replaced the default logon steps for the logon procedure "DPS".

 


Publishing the Provisioning Services Portal

For users to access the provisioning service portal from their web browser, the agent "Provisioning Server" needs to be published;

 

The provisioning service portal is a component of the agent "Provisioning Server", and in a DualShield platform, you can install and register one or many such agents, and these agents are managed in the agent list.

The module provides services directly to the end-users by way of a web portal that requires a public or external IP address or URL, in the format;


http://fqdn-or-ip:port - if the provisioning server is operating in non-SSL mode

or

https://fqdn-or-ip:port - if the provisioning server is operating in SSL mode


Alternatively, users can access the portal by typing the public URL into a web browser (e.g. "http://agent-public-URL:8072/dps/allservice/dashboard").

The company's networking equipment (servers, routers, firewalls etc.) would then route the web access request to the provisioning server. It is recommended to use the same port in the public URL as the one that is used by the provisioning server, but the choice of public ports, and the composition of the public URL, is entirely at the discretion of the system administrator.

The system administrator enters the public URL against the field "Agent Public URL:" for the agent of the "Provisioning Server" as can be seen in the following example;


 Editing the Public URL

 

  1.  Navigate to Authentication | Agents

    1. From the Home page of the Management Console, left click on the menu item "Authentication", then select "Agents".


       
    2. A new tab "Agent" will now open.
     



     
  2. Left click on the context menu of the agent "Provisioning Server" then select "Edit".


     

  3. A new window will now open headed "Agent Info – Edit";


     

     Name

    Provide a descriptive name for the Agent.

     Description

    Provide a description that indicates the function that this agent is performing (e.g. "Public portal for the Provisioning Server").

     Type

    This field cannot be edited.

     Check Agent IP

    If selected the agent will check that the IP of the machine that the agent is running on matches the one supplied in the "Agent IP Address" field.

     Agent IP Address

    Provide the IP address of the machine where the Agent has been or is being installed.

     Agent Public URL

    Some agents, such as the Provisioning Server, are to be accessed by end users and therefore require a public Internet address (URL).

    Ensure that all networking equipment (firewalls, routers, proxy servers etc.) will forward these requests to the agent "Provisioning Server".
     

     

  4. When you have completed editing the properties of the agent, click "Save" to save the changes.

 


The DualShield server listens on port 8072 for connection requests and processes web page requests, and the single sign-on server listens on port 8074. Consequently, both ports 8072 and 8074 will need to be available for external access.

The following table provides a few publishing examples for the provisioning service module;

| Example Public URL | Local URL | Action |
| --- | --- | --- |
| http://agent-public-URL:8072/dps | http://agent-ip-address:8072/dps | Provisioning server home page without SSL |
| https://agent-public-URL:8072/dps | https://agent-ip-address:8072/dps | Provisioning server home page with SSL |
| http://agent-public-URL:8072/dps/allservice/dashboard | http://agent-ip-address:8072/dps/allservice/dashboard | SSO authentication logon for the Provisioning Service Portal access without SSL |
| https://agent-public-URL:8072/dps/allservice/dashboard | https://agent-ip-address:8072/dps/allservice/dashboard | SSO authentication logon for the Provisioning Service Portal access with SSL |
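
A check to run on a proposed "Agent Public URL" before publishing, added here as an example (it is not Deepnet code and calls no DualShield API): it flags non-SSL URLs and port mismatches, and lists the portal URLs and the ports the perimeter must forward. The function names are hypothetical, and it assumes the single sign-on port stays at 8074 as stated above.

```python
import socket
from urllib.parse import urlsplit

PORTAL_PORT = 8072   # default Provisioning Server port (from the page)
SSO_PORT = 8074      # single sign-on server port (from the page)
PORTAL_PATHS = ("/dps", "/dps/allservice/dashboard")  # paths from the publishing table


def review_public_url(public_url, local_port=PORTAL_PORT):
    """Check a proposed "Agent Public URL" and list what must be published.

    Returns a dict with findings (list of str), urls (list of str) and
    ports (sorted list of ints that the perimeter must forward).
    """
    parts = urlsplit(public_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("expected http(s)://fqdn-or-ip:port")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    findings = []
    if parts.scheme == "http":
        findings.append("non-SSL mode: logon credentials are sent unencrypted")
    if port != local_port:
        findings.append(f"public port {port} != local port {local_port}: "
                        "port translation needed at the perimeter")
    # Bracket IPv6 literals so the rebuilt URL stays valid.
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    base = f"{parts.scheme}://{host}:{port}"
    return {
        "findings": findings,
        "urls": [base + path for path in PORTAL_PATHS],
        "ports": sorted({port, SSO_PORT}),
    }


def reachable(host, port, timeout=3.0):
    """True if a TCP connection succeeds (run from outside the firewall)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed sample value, using the host name from the page's own example.
    plan = review_public_url("http://Dualshield.DeepnetSupport.com:8072")
    for line in plan["findings"] + plan["urls"]:
        print(line)
    print("ports to publish:", plan["ports"])
```

Once the URL is saved, calling `reachable(host, port)` for each listed port from a machine outside the firewall confirms that the forwarding rules are in place.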

 

Performing Self Tests

It is possible to perform simple tests that check the application "Provisioning Server" for configuration integrity of the agent, realm domain and logon procedures of the self-service console using the following procedure;

 Testing Configuration

 

The Provisioning Service Portal can perform a self test using the following procedure;


  1.  Navigate to Authentication | Applications

    1. From the Home page of the Management Console, left click on the menu item "Authentication", then select "Applications". 


       
    2. A new tab "Application" will now open.
     


     
  2. Left click on the context menu of the application "Provisioning Server" then select "Self Test".


     

  3. A new window will now open headed "Self Test" with the results of the test;

    If the self test yields results that differ from the above example (i.e. any of the tests fail), then you will need to address the configuration failures.


     

  4. You have now performed an application self-test of the application "Provisioning Server".

 

Customising the User Interface 

The user interface can be changed using the following procedure;

 Customising the User Interface of DualShield Provisioning Service (DPS)

 


Logging In

You normally log in to the provisioning service portal by using a web browser as in the following example;

 Log in to the self service console

 

  1.  Access the Provisioning Server Home Page

     

    1. To access the home page of the provisioning services you will need to enter the public URL of your provisioning server into a web browser (the public URL of the provisioning server will be in the form "http://public_URL:port/dps"). 

      As an example, if your domain is named "DeepnetSupport.com", your host is called "DualShield", and you have kept the port at the default 8072, then enter “http://Dualshield.DeepnetSupport.com:8072/dps”.


       
    2. When you have entered the public URL you will be presented with a web page headed "DUALSHIELD PROVISIONING SERVER";
       


       
    3. You are now accessing the menu screen from where you can launch either the password reset module, the emergency access module, or the provisioning service portal.
     

     

     


      

  2. You will be presented with several options, "Password Reset", "Emergency Access" and "Provisioning Service Portal".
     
    Select the third option "Provisioning Service Portal" by clicking on the mobile phone icon;

     

     

  3. You will now need to log in to the provisioning server: enter your login details, then click "Continue".
     


     
  4. After passing authentication you will be presented with the "TOKENS" screen of the provisioning service portal.



     
  5. You have now successfully logged in to the Provisioning Service Portal.

 

 


Token Provisioning

The provisioning service portal can view tokens using the following procedure;

 How to download tokens

 

  1.  Log in to the Provisioning Service Portal

     

    1.  Access the Provisioning Server Home Page

       

      1. To access the home page of the provisioning services you will need to enter the public URL of your provisioning server into a web browser (the public URL of the provisioning server will be in the form "http://public_URL:port/dps"). 

        As an example, if your domain is named "DeepnetSupport.com", your host is called "DualShield", and you have kept the port at the default 8072, then enter “http://Dualshield.DeepnetSupport.com:8072/dps”.


         
      2. When you have entered the public URL you will be presented with a web page headed "DUALSHIELD PROVISIONING SERVER";
         


         
      3. You are now accessing the menu screen from where you can launch either the password reset module, the emergency access module, or the provisioning service portal.
       

       

       


        

    2. You will be presented with several options, "Password Reset", "Emergency Access" and "Provisioning Service Portal".
       
      Select the third option "Provisioning Service Portal" by clicking on the mobile phone icon;

       

       

    3. You will now need to log in to the provisioning server: enter your login details, then click "Continue".
       


       
    4. After passing authentication you will be presented with the "TOKENS" screen of the provisioning service portal.



       
    5. You have now successfully logged in to the Provisioning Service Portal.

     

    (If you are already logged in to the provisioning service portal select the menu item "Tokens" as below)



  2. The provisioning service portal will now display a table containing a list of all tokens that have been assigned to the User;


    For each token the user will be shown;

    • Serial Number - The unique serial number that identifies the token

    • Status - Indicates the status of the token ("ACTIVE", "DISABLED" or "DECEASED".)

    • Device Type - If supplied this field will declare what type of device the token is intended for.


     
  3. To view the token details for a selected token (such as the QR code), click on "View Detail";

     

  4. You will now be presented with token details for the selected token;



 

 


Application Provisioning

The provisioning service portal can view tokens using the following procedure;

 Installing the MobileID Client Application

 

  1.  Log in to the Provisioning Service Portal

    1.  Access the Provisioning Server Home Page

       

      1. To access the home page of the provisioning services you will need to enter the public URL of your provisioning server into a web browser (the public URL of the provisioning server will be in the form "http://public_URL:port/dps"). 

        As an example, if your domain is named "DeepnetSupport.com", your host is called "DualShield", and you have kept the port at the default 8072, then enter “http://Dualshield.DeepnetSupport.com:8072/dps”.


         
      2. When you have entered the public URL you will be presented with a web page headed "DUALSHIELD PROVISIONING SERVER";
         


         
      3. You are now accessing the menu screen from where you can launch either the password reset module, the emergency access module, or the provisioning service portal.
       

       

       


        

    2. You will be presented with several options, "Password Reset", "Emergency Access" and "Provisioning Service Portal".
       
      Select the third option "Provisioning Service Portal" by clicking on the mobile phone icon;

       

       

    3. You will now need to log in to the provisioning server: enter your login details, then click "Continue".
       


       
    4. After passing authentication you will be presented with the "TOKENS" screen of the provisioning service portal.



       
    5. You have now successfully logged in to the Provisioning Service Portal.

     

    (If you are already logged in to the provisioning service portal select the menu item "Apps" as below)

     

     



  2. You will then be presented with a variety of MobileID applications that can be downloaded;

    The downloads are broken down into 5 groups as shown below;

    • MOBILEID FOR SMART PHONES
    • MOBILEID FOR NON-SMART PHONES
    • MOBILEID FOR WINDOWS
    • MOBILEID FOR MAC OS
    • MOBILEID FOR LINUX
      


  3. The first group "MOBILEID FOR SMART PHONES" provides downloads for iPhone, Android, Windows Phone & Blackberry mobile devices. 

    Downloads for devices in this group are obtained from their associated stores.

    If your mobile device can be found in this group, click on the appropriate "View" button and you will be taken to the appropriate download site;


    IPHONE - click on "Free Downloads" from the iTunes store;

     
    ANDROID - after clicking on "View", click on "Install" from the Google Play store;

     
    WINDOWS PHONE - click on "Get the app" from the Microsoft store;

     

    BLACKBERRY - click on "Install" from the Google Play store;


     



  4. The remaining groups all provide direct downloads;



    If your device can be found in any of these four groups, click on the associated "Download" button to start an in-browser download.
     

  5. Once downloaded the applications can be installed on your device.

 

 


Logout

To log out of the provisioning service portal select "Log Out" from the main menu;

 
