When preparing programmable tokens for MFA use with AuthLite, you will first need to install AuthLite on your domain controller.

Once AuthLite has been installed you will need to launch AuthLite Configuration, navigate to "Management Tasks | Global Configuration | Tokens Settings", then set the OATH token digits setting to "6";


Additional prerequisites for using programmable tokens as software tokens with AuthLite, together with the further configuration steps required, are described in the following AuthLite guide;


Follow the instructions in this guide down to the point where you click the "Set up OATH Token" button;


After clicking on the "Set up OATH Token" button you will be presented with a QR code similar to the following;



You can use either the QR code or the Base32 encoded seed data to program the programmable token (either you burn the token yourself, or you send the QR code/Base32 code to the user and they burn the token).

The next two sections explain how each of these two methods can be used to prepare the programmable token for use;

Programming the token using the QR code

The following wiki guide explains how the programmable tokens can be burned using the data encoded in the QR code.

  • To program a SafeID/Diamond or SafeID/Pro token with a QR code, launch the SafeID/Diamond programming tool.

  • Click the Scan QR Code button.

    Before you scan the QR code, please ensure that the clock on your computer is displaying the correct date and time.

    You can scan the screen for a QR code, or load it from a file.

    If you are scanning the QR code on the screen, please ensure that it is not obscured by other windows, and if you have more than one monitor, ensure that both the app and the QR code are displayed on the main display (display 1).

    If you still have difficulty scanning the QR code, double check that only one instance of the app is running and that it is the latest version of the app. In most cases where the QR code cannot be scanned, the most likely cause is that the QR code contains the wrong data and needs to be regenerated. To test the QR code, check that it works correctly with the authenticator app it is intended for (e.g. Microsoft Authenticator); if that fails, the QR code will need to be regenerated.

  • Select Scan Screen.

    If successful, the Seed box should be filled with the token's seed data.

  • Now select your smart card reader from the Reader drop-down list, e.g. "HID OMNIKEY 5427 CK".

  • Press the Connect button.

  • Now switch on a SafeID token and place it on the reader.

    The tool will read out the token's serial number and time, and display them:

    If you want to correct the clock on the token, leave "Sync Token Clock" checked, but first ensure the time on your PC is set correctly.

  • Press the Burn button.

    The token is now successfully programmed.

  • Switch off the token and switch it on again to generate a new code (the token may only use the new seed after being reset).

Programming the token using the Base32 Code

An alternative to using the QR code is to burn the token manually by entering the Base32 encoded seed directly into the programming tool.

  • Copy the value displayed in the box "Base32 Code (Google Auth)";

  • In the programming app, click on the "Edit" button and paste the Base32 data into the field labelled "Seed (base32)";

  • Leave the other settings in the programming app at their defaults, then physically connect your token programmer to the USB port.

    From the "Reader:" drop-down you should now be able to select the connected reader;

  • When the reader has been selected, click on the Connect button to connect the reader/writer.

    The prompt will now change to "Token or card not detected";

  • When we burn the token we also want to keep a copy of the token's seed details. To retain them, ensure the option "Export Seed Data:" is selected;

  • Turn on your programmable token (so that a 6 digit OTP code is displayed), then place the token on the reader. The app will now be updated with the details read from the token;

  • You are now ready to burn the token. Ensure the token is still powered on, then click the Burn button to burn the token.

    After a short delay you should be presented with confirmation that the token has been programmed.

    The programmable token has now been prepared for use. However, it is strongly suggested that you now turn the token off and on again to ensure that all subsequent OTP codes generated by the token use this new seed data.

