The purpose of the section "Token Download" is to provide the system administrator to determine the token authorisation, authentication, download options and link expiry duration.

The Google Authenticator policy settings "Authorisation" and "Authentication" affect what the user must do prior to downloading a token, whist the download link expiry settings determine how long the links remain viable.




  • Authorisation Code not required
    When the user attempts to download the token, no authorisation code will be required. The user will be able to download the token by simply providing his/her username and password.

  • Authorisation Code required. Send Authorisation Code
    When the user attempts to download the token, an additional Authorisation Code will be required from the user. DualShield will automatically send an Authorisation Code via the specific Message Channel.

  • Authorisation Code required. Do not send Authorisation Code
    When the user attempts to download the token, an additional Authorisation Code will be required from the user. DualShield will not send an Authorisation Code.


This option will specify if token downloading from the mobile app is to be allowed only from the network, from anywhere, or not at all;

.


  • Authentication required
    Authentication is required when downloading the token.

  • Authentication not required
    Authentication is not required when downloading the token.


If a non zero value is supplied then this value determines how many minutes can pass before the download link expires.

After this time has elapsed (since the download link was sent to the user), then the download link will no longer be usable, and a new link will need to be sent to the user.


If a non zero value is supplied then this value determines how many minutes can pass after the user's visit before the download link expires.

After this time has elapsed (since the user visited the provisioning server), then the download link will no longer be usable, and a new link will need to be sent to the user.


When a MobileID token is set to "Confined", it becomes un-downloadable. In other words, a confined token cannot be downloaded by the user to his/her MobileID clients. It is safely confined in the server.

If this option is set then the MobileID token is safely confined to the server and cannot be downloaded.


There are three options in the Authorisation policy setting;.


    • Authorisation Code not required
      When the user attempts to download the token, no authorisation code will be required. The user will be able to download the token by simply providing his/her username and password.

      When this option is selected, all tokens pushed to the user will end with the message "Your authorization code: not required" (see example below);

    • Authorisation Code required. Send Authorisation Code
      If this option is selected the link sent to the user will take the user to the deployment server, but they will then need to authenticate before they can obtain their token.

      When this option is selected, all tokens pushed to the user will end with the message "Your authorization code:", followed by the authorization code (see example below);

    • Authorisation Code required. Do not send Authorisation Code
      When the user attempts to download the token, an additional Authorisation Code will be required from the user. DualShield will not send an Authorisation Code.

      When this option is selected, all tokens pushed to the user will end with the message "Your authorization code:", followed by the authorization code (see example below);


The Authentication policy setting has two option that determine if user authentication is required when downloading the token;.

    • Authentication required
      Authentication is required when downloading the token.

      When this option is selected, all tokens pushed to the user will be sent without a quicklink component;

      When the link is used the user will need to supply their credentials to the deployment server before they can download the token.

    • Authentication not required
      Authentication is not required when downloading the token.

      If this option is selected the link sent to the user will take the user to the deployment server, but they will not be asked to authenticate before they can obtain their token.

      When the link is used the user will bypass the deployment server authentication process and will immediately be presented with the token details.

  • No labels