Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
In the navigation pane, choose Users.
In the User Name list, choose the name of the intended MFA user, e.g. support
Choose the Security credentials tab.
Choose Manage next to Assigned MFA device. A popup windows as below will be prompted:
Select the option "Virtual MFA device", then click the Continue button
Click "Show QR code"
Keep the above popup window open, and do NOT click any button.
Then, follow the instruction below to program your SafeID token with the QR code
Programming single seeded tokens using a QR code on a windows PC
Download and launch the SafeID/Diamond programming tool.
Click the Scan QR Code button
Before you scan the QR code please ensure that the clock on your computer is displaying the correct date and time.
You can scan the screen for a QR code, or load from a file.
If you are scanning the barcode on the screen please ensure that the QR code is not obscured by other windows, and if you have more than one monitor please ensure that both the app and the QR code are displayed on the main display (display 1).
If you still have difficulty in scanning the QR code double check you only have the one instance of the app running, and that it is the latest version of the app. In most cases when there are issues with scanning of the QR code the most likely cause is the QR code contains the wrong data and may need to be regenerated. To test the QR code you could check that the code works correctly with the authenticator app it is intended for (e.g microsoft authenticator), and if this fails then you know that the QR code will need to be regenerated.
Select Scan Screen.
If succeeded, the Seed box should be filled with the token's seed data.
Now, select your smart card reader from the Reader drop-down list, e.g. "HID OMNIKEY 5427 CK"
Press the Connect button
Now, switch on a SafeID token and place it on the reader.
The tool will read out the token's serial number and time, and display them:
If you want to correct the clock on the token, then leave the "Sync Token Clock" checked, but first ensure the time on your pc is set correctly.
Switch off the token and switch it on again to generate a new code (the token may only use the new seed after being reset)
Programming single seeded tokens using a QR code on an Android mobile phone
Introduction
There are circumstance where you may want to replace a mobile phone based authentication app (such as google authenticator) with a programmable hardware token (such as the SafeID/Diamond or SafeID/Pro programmable tokens).
Before you can produce OTP codes using a programmable token you will need to obtain the seed data in the form of a compatible QR code.
Preparation
Before you can use an NFC enabled phone to burn programmable tokens you will need to perform the following preparatory steps;
Make sure you’re running the latest version of Android (the majority of new Android smartphones have an NFC chip in the phone).
Turn on your device and slide from the top down to access the android settings.
Maximise the displayed icons then ensure the "NFC" icon is enabled;
If asked if you want to turn on "Android Beam", confirm that you want the feature enabled.
If your mobile device runs android you will need to visit the Google play store and search for the app "Deepnet SafeID Programmer"
Download, Install and run this app.
There are 2 ways you can obtain the seed data or secret key:
When scanning a QR Code on an Android (or IOS) SafeID programming App you first need to make ensure that the QR code is ready for scanning using the camera on your smartphone.
Display the QR Code ready for scanning (the QR code below is just an example);
Next launch the app on your mobile device, and use the following instructions to burn the programmable token
Launch the app, point the camera at your QR code, then click on
the button;
After clicking on the
the button point the camera the QR code and the code will be automatically scanned;
The token's seed/secret is extracted from the QR code, and displayed in the "Seed" box;
You are now ready to burn the seed details onto the token.
Before you manually enter you seed data you need to ensure the seed is hex encoded (Hexadecimal encoded seeds are formed as a mixture of the letters " "A" to "F", together with any numerical digits (e.g. "0A9FBED34E0E504161F83B08BF000D3CF3418EDA").).
If the seed is Base32 encoded, then you will need to convert the seed to hex format (example tool provided below);
To convert Base32 encoded seed data to hexadecimal we suggest using the following online conversion tool:
In the field "Base32 string" copy the seed data you received in hex format then click the
The base32 version of the seed will be displayed in the "Output (base32)" field (see example below);
The field prompted "Seed (hex)" is not locked, so you will be able to directly enter your hex encoded seed into the app;
Ensure the time and algorithm settings are set as follows;
You are now ready to burn the seed details onto the token.
Burning Seed data onto the Programmable Tokens using an NFC enabled smartphone
Whilst the token can be programmed using the
button, we suggest you enable the option "Program Token Automatically";
Once this option has been enabled. programming of the token may be performed by simply turning on the token and placing it at the back of your mobile phone.
When you hear a beep, do not move the token until you hear the second beep, and the message "Token programmed successfully" will be displayed (indicating that the token has been programmed).
Related Articles
Programming single seeded tokens using a QR code on and iOS mobile phone
Introduction
There are circumstance where you may want to replace a mobile phone based authentication app (such as google authenticator) with a programmable hardware token (such as the SafeID/Diamond or SafeID/Pro programmable tokens).
Before you can produce OTP codes using a programmable token you will need to obtain the seed data in the form of a compatible QR code.
Preparation
Before you can use an NFC enabled phone to burn programmable tokens you will need to perform the following preparatory steps;
- Enable NFC on your iOS smartphone
- Install our SafeID programming app on your phone
Enabling NFC
The following procedure can be used to enable NFC on your iOS smartphone;
Installing the SafeID Programmer on your phone
The SafeID programming app is available for download in versions suitable for Windows, Android and iOS devices.
Instructions for downloading the programming app on your iOS device;
If your mobile device runs android you will need to visit the apple play store and search for the app "SafeID Programmer"
Download, Install and run this app.
Burning Seed data onto the Programmable Tokens using an NFC enabled smartphone
When scanning a QR Code on an Android (or IOS) SafeID programming App you first need to make ensure that the QR code is ready for scanning using the camera on your smartphone.
Display the QR Code ready for scanning (the QR code below is just an example);
Next launch the app on your mobile device, and use the following instructions to burn the programmable token;
Launch the app, point the camera at your QR code, then click on
the button to scan the image;After the QR Code has been scanned you will find that the seed details have been automatically added to the app and you will be ready to burn the seed details onto the token.
Switch on the programmable token and place it against the back of the phone, then use the
button to start burning the token.When you hear a beep, do not move the token until you hear the second beep, and the message "Token programmed successfully" will be displayed (indicating that the token has been programmed).
Related Articles
Programming multi-seeded tokens
If you have a multi seeded programmable token (such as the SafeID PinPad(pro) or SafeID QR(pro), then please see the instructions in the following guides;
Related Articles
After you have successfully programmed the token with the QR code, you can return to the popup window.
Use the SafeID/Diamond token that you just programmed to generate 2 passcodes, then enter the passcodes in the above window in the MFA code 1 and MFA code 2 entries
Click the "Assign MFA" button.
If both the MFA code 1 and 2 are correct, then you have completed the setup
