If you have seed data (Base32 or Hex encoded), and want to distribute the data to a user via email (in order to be scanning into an authenticator app on a mobile phone, then one of the best solutions is to email the data in the form of a  QR code (which will then be scanned into your authentication app).

Generating a QR code using the Management Console

QR codes may be generated for a specific token using the management console by using the following procedure;

After logging in to the management console navigate to "Directory | Users" and selecting the domain of the user that has the token assigned to them, then click

Left click on the context menu of user and select the option "Tokens", and you will be presented with a list of all tokens currently assigned to the user;

To obtain a QR code for one of these tokens left click on the context menu of the required token and select "Display QR Code";

A window will now open titled "QR Code" that will display the QR code for the selected token;


Generating a QR code using the Self-Service Console

A user may obtain a QR code by accessing the Self-Service Console using the following procedure;

Login to the DualShield Service Console (DSC)Login to the DualShield Service Console (DSC)

Find the MobileID token, click its context menu

Select "View QR Code" from its context menu

Find the MobileID token, click its context menu

Select "View QR Code" from its context menu


Adding QR codes to tokens pushed by email

By editing the Push Token SMTP message template you can add a QR code to all tokens pushed to the user by email;

An OTP token's QR code can be sent to the user by email. This process is called "push token" to users. 

A token can be pushed to the user by the server automatically or pushed to the user manually by the administrator in the admin console. Either way, a message template called "Push Token" will be used to create the email message. Therefore, you must customize the Push Token message temple first if you want users to receive their token's QR code by email. 

Customize Push Token Message Template

The "Push Token" message template is used by the DualShield server when it sends users an email or SMS message that contains the user's OTP token information, such as the token's download link or the token's QR code etc.

You must customize the message template according to your requirements. 

SMTP Template

If you want the server to push OTP tokens to users by email, then you need to customize the SMTP Template

Navigate to Customization | Message Templates | Push Token | SMTP Templates

Typically, you would need to change the Sender, Subject, and Text field which is the body of the message.

There are 3 wildcards that you can use in the message body depending on your requirements

WildcardRemarksExamples
[[LINK]]

This wildcard represents the download link of the user's MobileID token. 

Use this wildcard if you want to send the token's download link to the user.

Please click the link below to download your token

[[LINK]]


If required, your authorization code: [[AUTHZCODE]]

[[QRCODE]]

This wildcard represents the QR code image of the user's OTP token. 

Use this wildcard if you want to send the token's QR code to the user.

Please scan the QR code below to install your token

[[QRCODE]]


If required, your authorization code: [[AUTHZCODE]]

[[AUTHZCODE]]

Depending on the token's policy, installing an OTP token might require an authorization code.

This wildcard represents the authorization code of the user's token if it is required. 


You must select "HTML Format" if include the wirldcard [[QRCODE]] in the message text.

SMS Template

If you want the server to push OTP tokens to users by SMS message, then you need to customize the SMS Template

Navigate to Customization | Message Templates | Push Token | SMS Templates


Below is an example of the Push Token SMTP message template


Push Token Manually

The following procedure demonstrates how the system administrator can send the QR code to users by emails

Navigate to "Directory | Users", select the domain for your external directory, then for a selected user left click on the context menu and select "Tokens";

The token details for the selected user will now be show, left click on the context menu of the token to be pushed to the user then select the message channel to send the token (normally "By Email");

The QR code for the selected token will now be sent to the user by email.

End User Experience

Once the token has been sent to the user an email will arrive that includes the required QR code (example below);



Generating a QR code from seed data using an online form

In order to generate a QR code you will first need to obtain seed data encoded in Base 32 form, but it is possible the seed was provided externally, and is currently hex encoded.  

Hex encoded seeds may be converted to Base32 form using the following procedure;

To convert Hexadecimal encoded seed data to Base32 we suggest using the following online conversion tool 


In the field "Hex String" copy the seed data you received in hex format then click the

The base32 version of the seed will be displayed in the "Decoded data (hexadecimal)" field.


Once you have seed data Base32 encoded, you can generate a suitable QR code using the following procedure;

To convert Hexadecimal encoded seed data to Base32 we suggest using the following online conversion tool 

In most cases you will want to generate a QR code for time based TOTP authentication (so leave the first field with the default value) 

In the field "Secret – required" copy the Base 32 encoded seed data

In the field "Label – required" copy the details that will be displayed in the app for this OTP (e.g. user@host.com)

The online app will now generate a QR code that can be scanned into any compatible google authenticator style mobile app;


  • No labels