There are circumstances when it would be useful to import google authenticator tokens into Azure (for example if you have already programmed a SafeID/Diamond token with a google authenticator token created by Google).
The following procedure assumes that you still have the QR code that was used to program the programmable token (or the QR code was used to add a token to the google authenticator app).
Please note that this solution can only be used if you have a premium Azure account (a P1/P2 license for your azure users as global administrator privileges will be required to assign the tokens to your users using this method).
Obtaining the seed data from the google authenticator QR Code
Let us assume that we have programmed a diamond token using the following QR code;
Whilst there are several ways to convert this QR code to text (and extract the seed data) we already have an app that can perform this task for us (the SafeID/Diamond programming tool app)
Run the app on the same window that is displaying the QR code to be examined, then use the "Scan Screen" feature to obtain the seed data;
After scanning the QR code you will find the base32 seed data field will now include seed details extracted from the QR code;
Copy and paste the following text into a text editor (such as notepad);
upn,serial number,secret key,time interval,manufacturer,model <user's email address>,<serial number>,<secret key>,30,Deepnet Security,SafeID/Diamond
Edit the text file and replace the following parts;
<user's email address> replace with the UPN email address of the Azure/Office 365 user that will be using the token
<serial number> replace with the serial number that you want to use with this token (if the seed was burnt onto a programmable token then use the serial number on the back of the token).
<secret key> replace with the seed (in base32 format) that was produced when you scanned the QR Code.
Once you have added the users email address and replaced the serial number and seed data you should save the file (add a ".CSV" extension to the filename);
upn,serial number,secret key,time interval,manufacturer,model user001@contoso.com,10001001,234567ABCDEFGHIJKLMNOPQRSTUVWXYZ,30,Deepnet Security,SafeID/Diamond
*Please note that the above seed file is only an example. If you have not received the seed file of your tokens, please contact your reseller or Deepnet Security.
The file will now be ready for importing into Azure/Office 365.
Importing the seed data into Azure
Using the newly created seed file upload the token details to Azure (follow the instructions in the section "Upload Tokens" in the wiki guide below);