The Logon Procedure defines how users will be authenticated when they attempt to log in to the portal. You can define a logon procedure with 1-step, 2-step or 3-step verification, for instance.
The Emergency Access Service logon procedure can be prepared using the following procedure;
In the Admin Console, navigate to "Authentication | Logon Procedures", left click on context menu for the logon procedure "Emergency Access Service", then select "Logon Steps";
You will then be shown the logon steps used for the Emergency Access Service (the example below shows the default logon steps and methods for this service);
If you want to change the authentication methods for one or more logon steps, select the step to be edited, then click on the button;
A new window will now open titled "Logon Step - Step 2" showing the currently selected authentication methods for this step;
You can now select the authentication methods for this logon step according to your own requirements by selecting the required options in this list then clicking ;
Setting up the Application
In the Admin Console, navigate to "Authentication | Applications", then select the application "Emergency Access Service";
The application named "Emergency Access Service" is pre-defined during installation (so you would not normally need to make changes to this default setup), however the application parameters can be inspected using the context menu.
Setting up the Realm
A Realm is a group of user domains. It defines who is allowed to access the application that's associated with the realm "Emergency Access Service", and the portal can only be accessed from the domains that are specified against this realm.
The domains for the realm "Emergency Access Portal" can be specified using the following procedure;
In the Admin Console, navigate to "Authentication | Realms", then left click on the context menu for the realm "Emergency Access Service", then select "Domains";
A new window will open titled "Domains" (by default this list is empty);
You will need to add to this list any domains that your users will be members of (e.g. "pb.deepnetid.com");
After selecting the domains to be added click the button, and the new domains will be added to the realm.
Setting up the Policy Settings
As Emergency Codes can be generated from both the Emergency Access and the Self Service Consoles, the policy settings will need to be adjusted to permit this for each of these portals.
Allow users to generate emergency codes from the Emergency Access Service
Use the following procedure to allow users to generate emergency codes for themselves using the Emergency Access service;
Edit the Self-Service Policy;
From the Home page of the Management Console, left click on the menu item "Administration", select "Policies", then in the new tab "POLICIES", select the category "Self Service", then click the button;
The Self Service policy settings can now be viewed (or edited) by left clicking on the context menu of the Emergency Code policy, then selecting either "View" or "Edit";
Expand the section "Emergency Access Service", and ensure the setting "Allow user to request emergency code:" is enabled;
Allow users to generate emergency codes from the Self Service Console
To allow users to generate emergency codes from within the self-service console, you will need to ensure that the feature is enabled in the self service policy using the following procedure;
Edit the Self-Service Policy;
From the Home page of the Management Console, left click on the menu item "Administration", select "Policies", then in the new tab "POLICIES", select the category "Self Service", then click the button;
The Self Service policy settings can now be viewed (or edited) by left clicking on the context menu of the Emergency Code policy, then selecting either "View" or "Edit";
Expand the section "Self Service Portal", then scroll down to the setting "Emergency Code Permissions";
If you are to allow users to generate their own emergency codes from within the Emergency Code Service, then you will need to ensure that this setting includes the option "Request", and can be enabled using the dropdown icon;
Emergency Codes Policy Settings
As well as policy settings for the emergency code and self service portals, we also have policy settings that specify features of the emergency codes themselves.
Introduction
In the case when a user has lost or misplaced their tokens and needs to access an application protected with two-factor authentication urgently, an emergency code can be issued to temporarily replace the user’s token. The policy defines the construction and lifespan of an activation code, such as the length and characters of the code.
From the Home page of the Management Console, left click on the menu item "Administration", select "Policies", then in the new tab "POLICIES", select the category "Emergency Code", then click the button;
The Emergency Code policy settings can now be viewed (or edited) by left clicking on the context menu of the Emergency Code policy, then selecting either "View" or "Edit";
Editing the Emergency Code Policy Settings:
Once the self service policy has been edited, a new window will open titled "Policy - Edit" (that can be used to edit the policy settings for this policy);
The Category for Emergency Code policies is "Emergency Code" and includes all such policies, whether System, Domain, Unit, User or Group held.
The "Holder" will indicate if this policy setting is System, Domain, Unit, User or Group held.
The name assigned to identify the Emergency Code system policy by the System Administrator.
The System Administrator may use this field to annotate this policy.
This checkbox will allow the System Administrator to enable or disable the policy.
The maximum number of Emergency Codes allowed to be issued to a user's account (enter "0" if there is no limit).
This option determines the length (in characters) of the emergency code.
This checkbox determines if the emergency code can be sent to the user's personal email, mobile or telephone.
This checkbox determines if only one emergency code is sent per message.
This value indicates the default number of hours that may pass after the emergency code is issued before it can no longer be used (enter "0" if there is no limit).
This value indicates the maximum number of hours that may pass after the emergency code is issued before it can no longer be used (enter "0" if there is no limit).
This value indicates the maximum number of times that the emergency code may be used (enter "0" if there is no limit).
This checkbox will prevent reuse of the Emergency Code.
This option determines if the Emergency Code will be generated as a number or a sequence of letters.
This option determines if the Emergency Code will be the only factor required during authentication.
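How the length, character type, lifetime and usage settings above interact can be seen in a small model; this is an added example, not the product's code. The class and field names are hypothetical, the letter alphabet is assumed to be A-Z, and the rule that a non-zero maximum lifetime also caps an unlimited ("0") request is an assumption the page does not state.

```python
import math
import secrets
import string
from dataclasses import dataclass

@dataclass
class Policy:                # hypothetical names for the settings described above
    length: int = 8
    numeric: bool = True     # number vs. sequence of letters
    default_hours: int = 24  # 0 = no limit
    max_hours: int = 72      # 0 = no limit
    max_uses: int = 1        # 0 = no limit
    max_codes: int = 3       # 0 = no limit

@dataclass
class Code:
    value: str
    issued_at: float         # hours since an arbitrary epoch
    lifetime: int            # hours, 0 = never expires
    uses: int = 0

def alphabet(p):
    return string.digits if p.numeric else string.ascii_uppercase

def entropy_bits(p):
    """Size of the guess space for one code, in bits."""
    return p.length * math.log2(len(alphabet(p)))

def issue(p, outstanding, now, hours=None):
    if p.max_codes and outstanding >= p.max_codes:
        raise PermissionError("user already holds the maximum number of codes")
    life = p.default_hours if hours is None else hours
    # Assumption: a non-zero maximum caps both longer and unlimited requests.
    if p.max_hours and (life == 0 or life > p.max_hours):
        life = p.max_hours
    value = "".join(secrets.choice(alphabet(p)) for _ in range(p.length))
    return Code(value, now, life)

def redeem(p, code, presented, now):
    if code.lifetime and now - code.issued_at > code.lifetime:
        return False         # expired
    if p.max_uses and code.uses >= p.max_uses:
        return False         # usage limit reached
    if not secrets.compare_digest(code.value, presented):
        return False         # wrong code; does not consume a use
    code.uses += 1
    return True
```

With these defaults an 8-digit numeric code carries about 26.6 bits, against about 37.6 bits for 8 letters, which is why the "0 = no limit" values for lifetime and usage deserve particular care when the code is short or is the only factor.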
In addition to the settings in the main section, the Emergency Code policy also includes the following expandable sections;
These sections can be expanded out to provide additional settings related to how the Emergency Codes are sent to the user.
Message Channel
The purpose of the section "Message Channel" is to provide the system administrator with policy settings that specify the default and secondary channels that are used to send messages to users.
This option determines the main delivery channel for sending emergency codes to the user;
SMS: Emergency Codes are to be sent to the User's mobile device as a text message.
SMTP: Emergency Codes are to be sent to the User's email account.
Twitter: Emergency Codes are to be sent to the User's Twitter account.
This option determines the secondary delivery channel for sending emergency codes to the user;
SMS: Emergency Codes are to be sent to the User's mobile device as a text message.
SMTP: Emergency Codes are to be sent to the User's email account.
Twitter: Emergency Codes are to be sent to the User's Twitter account.
Available Channels
The purpose of the section "Available Channels" is to provide the system administrator with policy settings that specify which communication channels can be used to send messages to users.
This checkbox determines if the email message channel is presented as an option for sending emergency codes.
This checkbox determines if the SMS text message channel is presented as an option for sending emergency codes.
This checkbox determines if the phone call message channel is presented as an option for sending emergency codes.