DualShield supports a variety of security tokens and keys as the second authentication factor, including SMS codes, OTP tokens, FIDO keys, smart cards and face recognition.
To get started, an app-based OTP token, also known as a software OTP token, is probably the easiest option. DualShield provides its own OTP app, called Deepnet MobileID. DualShield also supports 3rd-party OTP apps such as Google Authenticator and Microsoft Authenticator, which are basically the same as Deepnet MobileID in terms of functionality. However, Deepnet MobileID is probably the best in terms of flexibility and mobility. Deepnet MobileID can be installed on all mobile OSes such as iPhone and Android, as well as desktop OSes such as Windows, macOS and Linux.
To set up a MobileID token, follow the steps below:
To create a token for a user, you need to navigate to the user's token management panel
To manage a user's tokens, first search for the user's account
In the DualShield Admin Console, navigate to "Directory | Users"
In the Domain list, select the domain that you want to work on, e.g. DeepnetMFA.com
If you click the "Search" button, it will list all users in the entire directory up to the query limit.
To narrow down your search, click the "Filter" button
Enter the user's login name, e.g. 2FA, then click the "Search" button (You can change the search filter or add more filters)
Once you have found the user account, click on its context menu icon "..." to bring up the context menu:
Click "Tokens" from the context menu
Then, click the "CREATE" button on the toolbar
In the token editor window, select the Product/Model of the token that you want to create or edit, e.g. MobileID/Time-Based
Fill in the token properties if necessary
Click the "Save" button.
In the "Product/Model" list, select "MobileID/Time-Based"
Typically, you do not need to fill in any box in the form.
The mobile number and email address are only used for sending the download link to the user, and they are retrieved from the user's AD account. You would only need to enter the user's mobile number or email address in this form if:
you want to send the token's download link to the user by text or email
the user's AD account does not have a mobile number or email address
the user wants to use an alternative mobile number or email address to receive the token's download link
Click the SAVE button to create a new MobileID token
There are 3 ways to get the QR code of a MobileID token
Locate the MobileID token in the user's account
To manage a user's tokens, first search for the user's account
In the DualShield Admin Console, navigate to "Directory | Users"
In the Domain list, select the domain that you want to work on, e.g. DeepnetMFA.com
If you click the "Search" button, it will list all users in the entire directory up to the query limit.
To narrow down your search, click the "Filter" button
Enter the user's login name, e.g. 2FA, then click the "Search" button (You can change the search filter or add more filters)
Once you have found the user account, click on its context menu icon "..." to bring up the context menu:
Click "Tokens" from the context menu
Now, click the token's context menu icon "..." to bring up its context menu:
Select "Display QR Code"
Log in to the DualShield Service Console (DSC)
Find the MobileID token, click its context menu
Select "View QR Code" from its context menu
An OTP token's QR code can be sent to the user by email. This process of sending a token to users is called "push token".
A token can be pushed to the user automatically by the server, or manually by the administrator in the admin console. Either way, a message template called "Push Token" will be used to create the email message. Therefore, you must customize the Push Token message template first if you want users to receive their token's QR code by email.
Customize Push Token Message Template
The "Push Token" message template is used by the DualShield server when it sends users an email or SMS message that contains the user's OTP token information, such as the token's download link or the token's QR code.
You must customize the message template according to your requirements.
SMTP Template
If you want the server to push OTP tokens to users by email, then you need to customize the SMTP Template
Below is an example of the Push Token SMTP message template
Push Token Manually
The following procedure demonstrates how the system administrator can send the QR code to users by email
Navigate to "Directory | Users", select the domain for your external directory, then for a selected user left-click on the context menu and select "Tokens";
The token details for the selected user will now be shown; left-click on the context menu of the token to be pushed to the user, then select the message channel to send the token (normally "By Email");
The QR code for the selected token will now be sent to the user by email.
End User Experience
Once the token has been sent to the user, an email will arrive that includes the required QR code (example below);