The purpose of the section "Token Download" is to provide the system administrator to determine the token authorisation, authentication, download options and link expiry duration.

The Microsoft Authenticator policy settings "Authorisation" and "Authentication" affect what the user must do prior to downloading a token, whist the download link expiry settings determine how long the links remain viable.





  • Authorisation Code not required
    When the user attempts to download the token, no authorisation code will be required. The user will be able to download the token by simply providing his/her username and password.

    When this option is selected, all tokens pushed to the user will end with the message "Your authorization code: not required" (see example below);


  • Authorisation Code required. Send Authorisation Code
    When the user attempts to download the token, an additional Authorisation Code will be required from the user. DualShield will automatically send an Authorisation Code via the specific Message Channel.

    When this option is selected, all tokens pushed to the user will end with the message "Your authorization code:", followed by the authorization code (see example below);


  • Authorisation Code required. Do not send Authorisation Code
    When the user attempts to download the token, an additional Authorisation Code will be required from the user. DualShield will not send an Authorisation Code.

    When this option is selected, all tokens pushed to the user will end with the message "Your authorization code:", followed by the authorization code (see example below);



This option will specify if token downloading from the mobile app is to be alllowed only from the network, from anywhere, or not at all;

.


This field determines if user authentication is required when downloading the token;

  • Authentication required
    Authentication is required when downloading the token.

    When this option is selected the download link will not take the user directly to the download page (unless they are already logged in to the provisioning server).

    If the user is not already authenticated, they will first need to authenticate their user account (see example below);

    After the user has authenticated his account he will then be taken to the token download screen;

  • Authentication not required
    Authentication is not required when downloading the token.

    When this option is selected the download link will take you directly to the download screen without needing to log in to your user account (see example below);


If a non zero value is supplied then this value determines how many minutes can pass before the download link expires.

After this time has elapsed (since the download link was sent to the user), then the download link will no longer be usable, and a new link will need to be sent to the user.


If a non zero value is supplied then this value determines how many minutes can pass after the user's visit before the download link expires.

After this time has elapsed (since the user visited the provisioning server), then the download link will no longer be usable, and a new link will need to be sent to the user.


When a MobileID token is set to "Confined", it becomes un-downloadable. In other words, a confined token cannot be downloaded by the user to his/her MobileID clients. It is safely confined in the server.

If this option is set then the MobileID token is safely confined to the server and cannot be downloaded.


  • No labels