Download Secure Authentication end-user guide MP token for Windows PC

Secure Authentication
end-user guide
version 1.1
Publication History
Date | Description | Revision
2013.04.05 | initial release (concatenation of separate end-user guides) | 1.0
2013.07.25 | Enrollment process description updated | 1.1
welcome
Orange Business Services would like to thank you for choosing our Secure Authentication
service to help you protect your on-line identity and the networks, applications and data you
use from unauthorized access.
This guide is intended for people in your company:
- who will use our Secure Authentication service (end-users);
- who will manage our Secure Authentication service (administrators).
This guide includes troubleshooting tips (marked with a yellow flag).
If these tips fail, contact your usual help desk to arrange for a troubleshooting session.
Click on the picture related to the token you want to use to directly access the right
documentation part.
MP software token: MP for Windows PC, MP for OSX Lion, MP for Apple iOS
KT hardware token: KT-4 token, KT-5 token
Grid token: GrIDsure
Password: Password
© Copyright Orange Business Services
Contents
welcome
Secure Authentication End User Rules
MP token for Windows PC
what is a MP token?
how does it protect me?
can anybody use my MP token?
what kind of PIN Code is supported by MP token?
what are Software Tools?
what is the “Token” application?
what is “Token Manager” application?
what are my responsibilities?
protect your PIN Code
what if I forget my PIN Code?
what if my MP token is locked?
how long will my MP token continue to operate?
what should I do if I can’t logon using my token?
how do I enroll with a MP token?
how do I access the enrollment web site?
how do I select a Windows PC as target device?
how do I download the Software Tools installer?
how do I run the Software Tools installer
how do I install the Software Tools?
how do I download the MP token file?
how do I install the MP token file with fixed PIN?
how do I install the MP token file with user-selected PIN?
how do I launch the “Token” application?
how do I select my MP token?
how do I authenticate with my MP token?
server-side PIN Code
client-side PIN Code
how do I change my PIN Code?
server-side PIN Code
client-side PIN Code
how do I resynchronize my MP token?
server-side PIN Code
client-side PIN Code
how do I rename my MP token?
how do I retrieve the “Token” application version?
how do I launch the “Token Manager” application?
how do I retrieve my MP token serial?
how do I remove my MP token?
how do I uninstall the Software Tools?
MP token for OSX Lion
what is a MP token?
how does it protect me?
can anybody use my MP token?
what kind of PIN Code is supported by MP token?
what is the “MP” application?
what are my responsibilities?
protect your PIN Code
what if I forget my PIN Code?
what if my MP token is locked?
how long will my MP token continue to operate?
what should I do if I can’t logon using my token?
how do I enroll with a MP token?
how do I access the enrollment web site?
how do I select a Mac as target device?
how do I download the “MP” application
how do I install the “MP” application?
how do I download and install my MP token file?
how do I complete installation process with fixed PIN code
how do I complete installation process with user-selected PIN code
how do I launch the MP application?
how do I authenticate with my MP token?
Server-side PIN Code
client-side PIN Code
how do I change my PIN Code?
server-side PIN Code
client-side PIN Code
how do I resynchronize my MP token?
server-side PIN Code
client-side PIN Code
how do I rename my MP token?
how do I retrieve my MP token serial?
how do I retrieve the “Token” application version?
how do I remove my MP token?
MP token for iPhone
what is a MP token?
how does it protect me?
can anybody use my MP token?
what kind of PIN Code is supported by MP token?
what is the “MP” application?
what are my responsibilities?
protect your PIN Code
what if I forget my PIN Code?
what if my MP token is locked?
how long will my MP token continue to operate?
what should I do if I can’t logon using my token?
how do I enroll with a MP token?
how do I access the enrollment web site?
how do I select an iPhone as target device?
how do I download the “MP” application?
how do I install the “MP” application?
how do I download the MP token file?
how do I install the MP token file with user-selected PIN Code?
how do I install the MP token file with fixed PIN Code?
how do I launch the “MP” application?
how do I select my MP token?
how do I authenticate with my MP token?
server-side PIN Code
client-side PIN Code
how do I edit my PIN Code?
how do I change my PIN Code?
server-side PIN Code
client-side PIN Code
how do I resynchronize my MP token?
how do I rename my MP token?
how do I retrieve my MP token serial?
how do I remove a MP token?
how do I retrieve the “MP” application version?
how do I uninstall the “MP” application?
KT token
what is a KT token?
how does it protect me?
what kind of PIN Code is supported by KT token?
what are my responsibilities?
protect your PIN Code
what if I forget my PIN Code?
what if my KT token is locked?
how long will my KT token continue to operate?
what should I do if I can’t logon using my token?
how do I enroll with a KT token?
how do I register my KT token?
how do I activate my KT token?
how do I complete installation process with user-selected PIN code?
how do I complete installation process with fixed PIN code?
how do I authenticate with my KT token?
how do I change my PIN Code?
how do I resynchronize my KT token?
GrIDsure token
what is a GrIDsure token?
how does it protect me?
can anybody use my GrIDsure token?
what kind of PIN Code is supported by GrIDsure token?
what are my responsibilities?
protect your PIN Code
what if I forget my PIN Code?
what if my GrIDsure token is locked?
how long will my GrIDsure token continue to operate?
what should I do if I can’t logon using my token?
how do I enroll with a GrIDsure token?
how do I access the enrollment web site?
how do I create my PIP?
how do I authenticate with my GrIDsure token?
user-selected PIN Code
fixed PIN Code
how do I change my PIN Code?
how do I change the PIP of my GrIDsure token?
Password
what is a password?
what are my responsibilities?
protect your password
what if my password token is locked?
how long will my password continue to operate?
what should I do if I can’t logon using my token?
how do I enroll with a password?
how do I access the enrollment web site?
how do I create my password?
how do I authenticate with my password?
what to do if I forget my password?
resend my password by e-mail
how do I change my password?
Figures
Figure 1: self-enrollment link
Figure 2: select Windows PC as target device
Figure 3: download Software Tools installer
Figure 4: run Software Tools installer (within Internet Explorer)
Figure 5: run Software Tools installer (within Firefox)
Figure 6: install Software Tools
Figure 7: download token file
Figure 8: install token file (with fixed PIN Code)
Figure 9: install token file (with user-selected PIN Code)
Figure 10: select token
Figure 11: access to the SAS self-service portal sign in page
Figure 12: authenticate (with server-side PIN Code)
Figure 13: authenticate (with client-side PIN Code)
Figure 14: change server-side PIN Code
Figure 15: change client-side PIN Code
Figure 16: resynchronize token (common part)
Figure 17: resynchronize token (with server-side PIN Code)
Figure 18: resynchronize token (with client-side PIN Code)
Figure 19: rename token
Figure 20: retrieve “Token” application version
Figure 21: retrieve token serial
Figure 22: remove token
Figure 23: self-enrollment link
Figure 24: select Mac as target device
Figure 25: download “MP” application
Figure 26: install “MP” application
Figure 27: install MP token file
Figure 28: install MP token file with fixed PIN Code
Figure 29: install MP token file with user-selected PIN Code
Figure 30: access to the SAS self-service portal sign in page
Figure 31: authenticate (with server-side PIN Code)
Figure 32: authenticate (with client-side PIN Code)
Figure 33: change server-side PIN Code
Figure 34: change client-side PIN Code
Figure 35: resynchronize token (common part)
Figure 36: resynchronize token (with server-side PIN Code)
Figure 37: resynchronize token (with client-side PIN Code)
Figure 38: rename token
Figure 39: retrieve token serial
Figure 40: retrieve “Token” application version
Figure 41: remove token
Figure 42: self-enrollment link
Figure 43: select iPhone as target device
Figure 44: download “MP” application
Figure 45: install "MP" application
Figure 46: download token file
Figure 47: install token file (with user selected PIN Code)
Figure 48: install token file (with fixed PIN Code)
Figure 49: select token
Figure 50: access to the SAS self-service portal sign in page
Figure 51: authenticate (with server-side PIN Code)
Figure 52: authenticate (with client-side PIN Code)
Figure 53: edit token
Figure 54: change server-side PIN Code
Figure 55: change client-side PIN Code
Figure 56: resynchronize token (1/2)
Figure 57: resynchronize token (2/2)
Figure 58: rename token
Figure 59: retrieve token serial
Figure 60: remove token
Figure 61: retrieve MP application version
Figure 62: uninstall MP application
Figure 63: self-enrollment link
Figure 64: register token serial
Figure 65: activate token with PIN Code
Figure 66: activate token with user selected PIN
Figure 67: activate token with user selected PIN
Figure 68: access to the SAS self-service portal sign in page
Figure 69: authenticate
Figure 70: change PIN Code
Figure 71: resynchronize token (1/2)
Figure 72: resynchronize token (2/2)
Figure 73: how does it work 1/4
Figure 74: how does it work 2/4
Figure 75: how does it work 3/4
Figure 76: how does it work 4/4
Figure 77: self-enrollment link
Figure 78: create PIP
Figure 79: create PIP
Figure 80: access to the SAS self-service portal sign in page
Figure 81: authenticate (common part)
Figure 82: authenticate (with server-side PIN Code)
Figure 83: authenticate (with fixed PIN Code)
Figure 84: change PIN Code
Figure 85: change token PIP
Figure 86: self-enrollment link
Figure 87: create password
Figure 88: access to the SAS self-service portal sign in page
Figure 89: authenticate with password
Figure 90: resend password by e-mail (1/2)
Figure 91: resend password by e-mail (2/2)
Secure Authentication End User Rules
These Rules of Use apply to your use of the enclosed token, card or other device (your Device)
and your secret Personal Identification Number (your PIN).
You should use your Device and your PIN to identify yourself to any systems or service secured
by the Orange Secure Authentication service in accordance with these Rules and any written
agreements between yourself and your organization, and between your organization and Orange.
It is important that you take proper care of your Device, keep it safe and secure at all times and
guard against loss, damage and theft.
Your PIN must remain secret to you at all times. No other person ever needs to know this PIN
and you should not disclose it to anyone. This includes your colleagues and systems
administrators at your company and personnel who are, or claim to be, representatives of
Orange or a Partner of Orange. You should be extremely suspicious of anyone who ever tells
you that they need to know your PIN, and you should report any such incident to your
Administrator immediately.
The privacy of your Device and the confidentiality of your PIN are crucial to the verification of
your on-line identity and the security of your information and the networked system(s) that may
be accessed using your identity.
If your Device is lost, damaged or stolen, or if you believe that the confidentiality of your secret
PIN has been compromised in any way, you should report these incidents immediately to your
Administrator. Upon receiving the notice, the Administrator will then disable your Device or
allow you to change your PIN, to ensure that no third party may misuse them.
If you do not report these incidents immediately, there is the risk that someone else may steal
your on-line identity. Any activities they carry out using your identity will compromise the
security and integrity of your information and systems. You may be held legally responsible for
activities that are perpetrated using your identity.
You must not give away, sell, rent or lend your Device even to someone you believe to be an
authorized user of the system.
You must not mistreat, damage or open your Device, or try to reverse-engineer, decompile,
disassemble, translate, copy or alter the Device (or any of its components).
If you lose or break your Device, a replacement fee will be charged by Orange to your
organization.
Should your account be terminated, for any reason, or if you have no further need to use the
system, you must contact your Administrator immediately to disable your Device and then
follow instructions from your Administrator to have it safely returned.
MP token for Windows PC
In this chapter, you will find instructions for installing, activating and managing your MP token
for Windows PC devices.
The advantage of software tokens is mass deployment without hardware distribution. By
thoughtful selection of the type of device upon which a software token can be installed,
administrators can lock an end-user to a specific machine, limit the end-user to using only
secure platforms or provide complete machine independence.
With our Secure Authentication service, MP tokens can be issued, revoked and reissued
without restriction or the need to recover the MP token from the end-user. Multiple MP
software tokens can be installed on a single device (e.g. hard drive) provided the usernames
are unique.
what is a MP token?
Up until now, you’ve logged on with your User Name and Password. The problem is that
passwords are easily compromised, putting your identity and the resources you access at risk.
By using a MP token, you will be able to generate a “One-time Password” or “OTP”. As the
name implies, an OTP can only be used once. Each time you logon you will use your MP to
generate a new OTP.
how does it protect me?
Password theft is the single most common way thieves and hackers steal identities and gain
unauthorized access to networks and resources. While they have many ways to steal a
password, success depends on the stolen password being valid, much the way credit card
theft relies on the card being usable until you report it as stolen. The problem of course is that it
is almost impossible for you or the security professionals that manage your network to discover
your password has been compromised until long after damage has been done.
The MP token solves this problem because the instant you logon with your OTP, it is no longer
valid. Any attempt to logon by reusing the OTP will not only fail, but also instantly alert your
network security professionals to a possible attack on your identity.
can anybody use my MP token?
Thanks to PIN Code protection, your MP token is protected against unauthorized use by a PIN
Code only you know. Again, much like a bank card or “Chip and PIN” credit card, the thief not
only needs access to your MP token but must know your PIN Code as well. Any attempt to use
the MP token with an incorrect PIN Code will fail. Successive attempts to guess your PIN
Code will automatically “lock” your MP token, effectively disabling it, giving you and your
network security professionals time to deal with the threat.
what kind of PIN Code is supported by MP token?
Server-side user-selected PIN Code: the PIN Code is stored and managed at the Secure
Authentication server level. You have the ability to change it at any time. Token Codes are
generated without entering any PIN Code in the “Token” application (OTP = PIN Code + Token Code).
Server-side fixed PIN Code: the PIN Code is stored and managed at the Secure
Authentication server level. The PIN Code displayed during MP token installation is
permanent; you cannot change it. Token Codes are generated without entering any PIN
Code in the “Token” application (OTP = PIN Code + Token Code).
Client-side user-selected PIN Code: the PIN Code is stored and managed at the Windows
PC level. You have the ability to change it at any time. The PIN Code must be entered into
the “Token” application to generate a Token Code (OTP = Token Code).
Client-side fixed PIN Code: the PIN Code is stored and managed at the Windows PC level.
The PIN Code displayed during MP token installation is permanent; you cannot change it.
The PIN Code must be entered into the “Token” application to generate a Token Code
(OTP = Token Code).
what are Software Tools?
Software Tools is a set of applications you have to install on your Windows PC to install,
activate and manage your MP tokens. “Token” and “Token Manager” applications are part of
these Software Tools.
what is the “Token” application?
The “Token” application allows you to:
select a MP token when several are installed
generate a Token Code from a MP token
rename a MP token
resynchronize a MP token
change the PIN Code of a MP token (when client-side PIN Code type is used)
unlock a MP token when the feature is allowed by your Secure Authentication service
administrators.
retrieve the version of the “Token” application
what is the “Token Manager” application?
The “Token Manager” application allows you to:
select a MP token when several are installed
retrieve the serial number of a MP token
remove a MP token from your Windows PC
what are my responsibilities?
Using the MP token will not only provide security, it will also simplify your life by reducing or
eliminating the need to remember or periodically change passwords. Your MP token will do this
for you, every time you logon. However, you do have a few simple obligations.
protect your PIN Code
You have to protect your PIN Code just as you would the PIN Code for your bank or credit card.
Never share it with anybody, including people you trust. Your usual help desk will never ask for
your PIN Code and you should never reveal it to them. Never write down your PIN Code.
what if I forget my PIN Code?
Contact your usual help desk. Upon verifying your identity they will be able to reset your PIN
Code.
what if my MP token is locked?
Contact your usual help desk. Upon verifying your identity they will be able to unlock your MP
token.
how long will my MP token continue to operate?
Your MP token will be able to generate OTPs until it is revoked by IT administrators.
what should I do if I can’t logon using my token?
The most common cause of failed logon is entering an incorrect OTP. Never attempt to reuse a
Token Code and ensure that you enter the Token Code exactly as displayed on the token,
including any upper and lower case letters and punctuation that it may contain.
By default, your account will automatically lock for 15 minutes if more than 3 consecutive logon
attempts fail. You must wait this amount of time before your account will unlock. Contact your
usual help desk to resolve logon problems.
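The PIN Code types, the one-time rule and the lockout rule described in this chapter can be sketched as a server-side check. This is an added example, not Orange or SafeNet code: the guide does not give the token-code algorithm, so RFC 4226 HOTP stands in for it, and the `Account` class, the look-ahead window, the secret and the PIN "4821" are constructed assumptions.

```python
import hashlib
import hmac
import struct

LOCK_SECONDS = 15 * 60  # guide: the account locks for 15 minutes
MAX_FAILURES = 3        # guide: lock when more than 3 consecutive attempts fail
LOOK_AHEAD = 5          # assumption: how far ahead of its counter the server searches


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, standing in for the token-code algorithm (not given in the guide)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def same(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


class Account:
    """Hypothetical server-side record for one enrolled token."""

    def __init__(self, secret: bytes, pin_mode: str, pin: str = ""):
        self.secret = secret
        self.pin_mode = pin_mode   # "server" or "client"
        self.pin = pin             # held by the server only in "server" mode
        self.counter = 0           # next counter value the server expects
        self.failures = 0          # consecutive failed attempts
        self.locked_until = 0.0
        self.last_otp = None       # last accepted OTP, kept to recognise reuse
        self.alerts = []

    def verify(self, otp: str, now: float) -> str:
        if now < self.locked_until:
            return "locked"
        if self.last_otp is not None and same(otp, self.last_otp):
            # Reuse fails and is reported, as the guide describes.
            self.alerts.append((now, "OTP reuse"))
            return self._fail(now, "replayed")
        token_code = otp
        if self.pin_mode == "server":
            # Server-side PIN: OTP = PIN Code + Token Code
            if not same(otp[:len(self.pin)], self.pin):
                return self._fail(now, "rejected")
            token_code = otp[len(self.pin):]
        # Client-side PIN: OTP = Token Code (the PIN never reaches the server)
        for counter in range(self.counter, self.counter + LOOK_AHEAD):
            if same(token_code, hotp(self.secret, counter)):
                self.counter = counter + 1   # the code just used can never match again
                self.failures = 0
                self.last_otp = otp
                return "accepted"
        return self._fail(now, "rejected")

    def _fail(self, now: float, result: str) -> str:
        self.failures += 1
        if self.failures > MAX_FAILURES:
            self.locked_until = now + LOCK_SECONDS
            self.failures = 0
        return result


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"          # constructed (RFC 4226 test key)
    account = Account(demo_secret, "server", pin="4821")
    first = "4821" + hotp(demo_secret, 0)
    print(account.verify(first, now=0))            # first use
    print(account.verify(first, now=1))            # same OTP again
    print(account.alerts)
```
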
how do I enroll with a MP token?
When using Internet Explorer as Web browser
From the Internet Explorer menu bar, select “Tools”, “Internet Options”, “Security” tab,
“Trusted sites” zone, click on “Sites”, and add the following URL:
https://se.safenet-inc.com
This setting will allow your Internet Explorer web browser to install and run the Software Tools
ActiveX control.
how do I access the enrollment web site?
Within your e-mail client: open the “SAS Self-enrollment” message (1), and click on the
self-enrollment URL link (2): your web browser will connect to the Secure Authentication enrollment
web site.
Figure 1: self-enrollment link
“SAS Self-enrollment” e-mail not received: check whether the message is stored in the “junk” folder of
your e-mail client.
“Your provisioning task has already been completed” error message: verify you opened the
latest self-enrollment message, and not an old one.
how do I select a Windows PC as target device?
Within your web browser: select “Install Locally” (1), then click on “Next” (2).
Figure 2: select Windows PC as target device
how do I download the Software Tools installer?
Within your web browser: click on the “Download Software Tools and Activate Token” link (1) (which
automatically points to the appropriate 32-bit or 64-bit Software Tools installer), then click on
“Next” (2).
Figure 3: download Software Tools installer
how do I run the Software Tools installer?
You must have administrator rights on your Windows PC to run the Software Tools
installer.
Internet Explorer
Within the Software Tools installer: click on “Run” (1) (if a “Security Warning” pop-up window is
displayed, click on “Run” (2) to accept the publisher of the installer).
Figure 4: run Software Tools installer (within Internet Explorer)
Firefox
If your Firefox browser displays the “Additional plugins are required to display all the media
on the page” banner, close it.
Within the Software Tools installer: click on “Save File” (1), save the Software Tools installer file
locally (2), then click on the file name (3) to run the installer.
Figure 5: run Software Tools installer (within Firefox)
how do I install the Software Tools?
Within the Software Tools installer: click on “Next” (1), accept the terms in the license
agreement (2), click on “Next” (3), enter your user name and your organization name (4), install
the application for “anyone who uses the computer (all users)” (5), click on “Next” two times
(6) (7) (do not change the install directory), click on “Install” (8), then on “Finish” (9) at the end of
the Software Tools installation.
Figure 6: install Software Tools
how do I download the MP token file?
Internet Explorer
The MP token file download step is automatically managed by the Software Tools ActiveX control.
“Token file download” page remains displayed on your Internet Explorer browser: verify that the
Software Tools ActiveX control is enabled: in your browser, select “Tools”, “Manage Add-ons”,
“Enable or Disable Add-ons…”, then “Add-ons that have been used by Internet Explorer” in the
“Show” drop-down list. The ActiveX control named “activeXWebAPIControl” must be listed.
Verify that you defined the SafeNet URL as a trusted site (see the Internet Explorer trusted sites
setting described earlier in this chapter).
Firefox
If your Firefox browser displays the “Additional plugins are required to display all the media
on the page” banner, close it.
Click on “Download” (1), open the token file with the BlackShield Token application (2), click on
“Next” (3), enter the PIN displayed on the web page (here 0000) into the “PIN” field of the MP
application (4), if needed select the MP token you want to use and click on “Generate Token
Code” (5), enter the PIN displayed on the web page (here 0000) followed by the newly
generated Token Code (6), then click on “Next” (7).
Figure 7: download token file
how do I install the MP token file with fixed PIN?
Within your web browser: memorize the displayed PIN Code (1) (this will be your definitive PIN
Code), then click on “OK” (2). The enrollment web site displays a page that confirms your MP
token has been successfully activated. Memorize your User ID (3), then click on “Close” (4)
(when using Firefox, you have to close the browser).
Figure 8: install token file (with fixed PIN Code)
how do I install the MP token file with user-selected PIN?
Within your web browser: choose your PIN Code, enter it in the “New PIN” and “Verify PIN”
fields (1), then click on “Next” (2). The enrollment web site displays a page that confirms your
MP token has been successfully activated. Memorize your User ID (3), then click on “Close” (4)
(when using Firefox, you have to close the browser).
Figure 9: install token file (with user-selected PIN Code)
“PIN change failed” error message: try to enter your new PIN Code again, making sure to meet
the displayed complexity requirements.
“You have failed to provide the correct response too many times” error message: contact your
usual help desk.
how do I launch the “Token” application?
Within the Windows taskbar: click on “Start”, “Programs”, “SafeNet”, “Tokens” two times.
how do I select my MP token?
Within your “Token” application: when only one MP token is installed, it is automatically
selected (1), else use the dropdown menu (2) to select the MP token you want to use.
Figure 10: select token
how do I authenticate with my MP token?
You have the ability to test authentication with your MP token thanks to the SAS self-service
portal.
1. Within your e-mail client: open the “SAS Self-enrollment” message (1) again, and click on
the SAS self-service portal URL link (2): your web browser will connect to the self-service
web site.
2. Within the SAS self-service portal: within the “Home” page click on “Sign In” (3), within the
“Authenticate” page click on “Sign in using your token” (4).
Figure 11: access to the SAS self-service portal sign in page
The authentication process depends on the type of the MP Token PIN Code.
server-side PIN Code
1. Within the SAS self-service portal: within the “Authenticate to Process” page enter your
user ID in the “User ID” field (1) and your PIN Code in the “OTP” field (2).
2. Within your “Token” application: click on “Generate Token Code” (3), then on “Copy” (4).
3. Within the SAS self-service portal: within the “Authenticate to Process” page paste the
Token Code value next to the PIN Code in the “OTP” field (5), then click on “OK” (6). The
“Sign Out” button (7) displayed within the “Home” page indicates your authentication is
successful.
Figure 12: authenticate (with server-side PIN Code) [panels: SAS self-service portal, “Token” application]
“Your login attempt was not successful” error message: try to authenticate again, making sure
to enter your PIN Code followed by the Token Code generated by your MP token in the “OTP”
field.
client-side PIN Code
1. Within the SAS self-service portal: within the “Authenticate to Process” page enter your
user ID in the “User ID” field (1).
2. Within your “Token” application: click on “Generate Token Code” (2), within the pop-up
window enter your PIN Code in the “PIN” field (3), click on “OK” (4), then on “Copy” (5).
3. Within the SAS self-service portal: within the “Authenticate to Process” page paste the
Token Code value in the “OTP” field (6), then click on “OK” (7). The “Sign Out” button (8)
displayed within the “Home” page indicates your authentication is successful.
Figure 13: authenticate (with client-side PIN Code) [panels: SAS self-service portal, “Token” application]
“Your login attempt was not successful” error message: try to authenticate again, making sure
to enter only the Token Code generated by your MP token in the “OTP” field.
how do I change my PIN Code?
The PIN Code change process depends on the type of the MP Token PIN Code.
server-side PIN Code
Within the SAS self-service portal: within the “Home” page, once authenticated (the “Sign Out”
button (1) must be displayed), click on “Reset PIN” (2), within the “Create New PIN” page
choose a new PIN Code and enter it in the “Create New PIN” and “Verify PIN” fields (3), then
click on “OK” (4). Within the “Create New PIN” page a message indicates your PIN Code
change is successful (5).
Figure 14: change server-side PIN Code
“No tokens are enabled to change the Personal Identification Number (PIN)” error message:
your MP token does not have a server-side PIN Code; it has a client-side PIN Code instead.
client-side PIN Code
Within your “Token” application: select “Tools”, “Change PIN” (1), enter your current PIN Code
in the “Current PIN” field (2), choose a new PIN Code and enter it in the “New PIN” and “Verify
New PIN” fields (3), then click on “OK” (4). At the bottom of your “Token” application a message
indicates your PIN Code change is successful (5).
Figure 15: change client-side PIN Code
“PIN Change Failed” error message: try to change your PIN Code again, making sure to enter a
complex one, with the correct number of characters and the correct types of character.
how do I resynchronize my MP token?
Within the SAS self-service portal: within the “Home” page click on “Resync Token” (1), within
the “User” page enter your user ID in the “User ID” field (2), click on “Next” (3), enter the serial
of your MP token in the “Serial” field (4), then click on “Next” (5).
Figure 16: resynchronize token (common part)
The end of the resynchronization process depends on the type of the MP Token PIN
Code.
server-side PIN Code
1. Within the SAS self-service portal: within the “Challenge/Response” page copy the
“Respond to challenge” value (1).
2. Within your “Token” application: select “Tools”, “Resync” (2), within the pop-up window
paste the challenge value in the “Challenge” field (3), click on “OK” (4), then click on “Copy”
(5) to copy the generated response.
3. Within the SAS self-service portal: within the “Challenge/Response” page paste the
response value in the “Response” field (6), then click on “OK” (7). Within the “Confirmation”
page a message indicates your token resynchronization is successful (8).
Figure 17: resynchronize token (with server-side PIN Code) [panels: SAS self-service portal, “Token” application]
“The token cannot be synchronized” error message: try to resynchronize your MP token again,
making sure to copy/paste the right challenge/response values.
client-side PIN Code
1. Within the SAS self-service portal: within the “Challenge/Response” page copy the
“Respond to challenge” value (1).
2. Within your “Token” application: select “Tools”, then “Resync” (2). Within the pop-up
window paste the challenge value in the “Challenge” field (3), enter your PIN Code value in
the “PIN” field (4), click on “OK” (5), and then click on “Copy” (6) to copy the generated
response.
3. Within the SAS self-service portal: within the “Challenge/Response” page paste the
response value in the “Response” field (7), then click on “OK” (8). Within the “Confirmation”
page a message indicates your token resynchronization is successful (9).
Figure 18: resynchronize token (with client-side PIN Code) [panels: SAS self-service portal, “Token” application]
“The token cannot be synchronized” error message: try to resynchronize your MP token again,
making sure to copy/paste the right challenge/response values.
how do I rename my MP token?
By default, the MP token name is based on your user ID.
Within your “Token” application: select “Tools”, “Rename Token” (1), within the pop-up window
enter the new MP token name in the “New Name” field (2), then click on “OK” (3). Your MP
token is now referenced with the new name (4).
Figure 19: rename token
how do I retrieve the “Token” application version?
For maintenance or troubleshooting purposes, your IT administrator may ask you for the version of
your MP “Token” application.
Within your “Token” application: select “Help”, “About” (1), memorize the “Token” application
version (2), then click on “OK” (3).
Figure 20: retrieve “Token” application version
how do I launch the “Token Manager” application?
Windows XP: within the Windows taskbar, select “Start”, “Settings”, “Control Panel”,
“BlackShield ID Token Manager”.
Windows 7: within the Windows taskbar, select “Start”, “Control Panel”, “BlackShield ID
Token Manager”.
how do I retrieve my MP token serial?
Within your “Token Manager” application: select the token whose serial you want to find (1), click
on “Token Information” (2), within the pop-up window memorize the MP token serial (3), then
click on “Close” (4).
Figure 21: retrieve token serial
how do I remove my MP token?
For maintenance or troubleshooting purposes, your IT administrator may ask you to remove a
MP token from your device.
Within your “Token Manager” application: select the token you want to remove (1), click on
“Remove Token” (2), within the pop-up window click on “Yes” (3). The token has been
successfully removed (4).
Figure 22: remove token
how do I uninstall the Software Tools?
For maintenance or troubleshooting purposes, your IT administrator may ask you to uninstall
the Software Tools from your device.
You must have administrator rights on your Windows PC to uninstall the Software
Tools.
Windows XP: from the Windows taskbar, select “Start”, “Settings”, “Control Panel”, “Add or
Remove Programs”, “SafeNet Authentication Service Software Tools”. Click on “Remove”
to run the Software Tools uninstaller and follow the instructions.
Windows 7: from the Windows taskbar, select “Start”, “Control Panel”, “Programs and
Features” option, “SafeNet Authentication Service Software Tools”. Right-click on
“Uninstall” to run the Software Tools uninstaller and follow the instructions.
The Software Tools uninstaller does not delete the location where your MP token files are
stored. After performing a new install of the Software Tools, you will be able to use
them without enrolling again.
MP token for OSX Lion
In this chapter, you will find instructions for installing, activating and managing your MP token
on Mac devices running OS X Lion.
The advantage of software tokens is mass deployment without hardware distribution. By
thoughtful selection of the type of device upon which a software token can be installed,
administrators can lock an end-user to a specific machine, limit the end-user to using only
secure platforms or provide complete machine independence.
With our Secure Authentication service, MP tokens can be issued, revoked and reissued
without restriction or the need to recover the MP token from the end-user. Multiple MP
software tokens can be installed on a single device (e.g. hard drive) provided the usernames
are unique.
what is a MP token?
Up until now, you’ve logged on with your User Name and Password. The problem is that
passwords are easily compromised, putting your identity and the resources you access at risk.
By using a MP token, you will be able to generate a “One-time Password” or “OTP”. As the
name implies, an OTP can only be used once. Each time you logon you will use your MP to
generate a new OTP.
how does it protect me?
Password theft is the single most common way thieves and hackers steal identities and gain
unauthorized access to networks and resources. While they have many ways to steal a
password, success depends on the stolen password being valid, much the way credit card
theft relies on the card being usable until you report it as stolen. The problem of course is that it
is almost impossible for you or the security professionals that manage your network to discover
your password has been compromised until long after damage has been done.
The MP token solves this problem because the instant you logon with your OTP, it is no longer
valid. Any attempt to logon by reusing the OTP will not only fail, but also instantly alert your
network security professionals to a possible attack on your identity.
can anybody use my MP token?
Thanks to PIN Code protection, your MP token is protected against unauthorized use by a PIN
Code only you know. Again, much like a bank card or “Chip and PIN” credit card, the thief not
only needs access to your MP token but must know your PIN Code as well. Any attempt to use
the MP token with an incorrect PIN Code will fail. Successive attempts to guess your PIN
Code will automatically “lock” your MP token, effectively disabling it, giving you and your
network security professionals time to deal with the threat.
what kind of PIN Code is supported by MP token?
Server-side user-selected PIN Code: the PIN Code is stored and managed at the Secure
Authentication server level. You have the ability to change it at any time. Token Codes are
generated without entering any PIN Code in the “Token” application (OTP = PIN Code + Token Code).
Server-side fixed PIN Code: the PIN Code is stored and managed at the Secure
Authentication server level. The PIN Code displayed during MP token installation is
permanent; you cannot change it. Token Codes are generated without entering any PIN
Code in the “Token” application (OTP = PIN Code + Token Code).
Client-side user-selected PIN Code: the PIN Code is stored and managed at the Mac level.
You have the ability to change it at any time. The PIN Code must be entered into the
“Token” application to generate a Token Code (OTP = Token Code).
Client-side fixed PIN Code: the PIN Code is stored and managed at the Mac level. The PIN
Code displayed during MP token installation is permanent; you cannot change it. The PIN
Code must be entered into the “Token” application to generate a Token Code (OTP =
Token Code).
what is the “MP” application?
The “MP” application allows you to:
select a MP token when several are installed
generate a Token Code from this MP token
rename this MP token
resynchronize this MP token
change the PIN Code of this MP token (when client-side PIN Code type is used)
unlock this MP token when the feature is allowed by your Secure Authentication service
administrators.
retrieve the serial number of this MP token
remove this MP token from your device
what are my responsibilities?
Using the MP token will not only provide security, it will also simplify your life by reducing or
eliminating the need to remember or periodically change passwords. Your MP token will do this
for you, every time you logon. However, you do have a few simple obligations.
protect your PIN Code
You have to protect your PIN Code just as you would the PIN Code for your bank or credit card.
Never share it with anybody, including people you trust. Your usual help desk will never ask for
your PIN Code and you should never reveal it to them. Never write down your PIN Code.
what if I forget my PIN Code?
Contact your usual help desk. Upon verifying your identity they will be able to reset your PIN
Code.
what if my MP token is locked?
Contact your usual help desk. Upon verifying your identity they will be able to unlock your MP
token.
how long will my MP token continue to operate?
Your MP token will be able to generate OTPs until it is revoked by IT administrators.
what should I do if I can’t logon using my token?
The most common cause of failed logon is entering an incorrect OTP. Never attempt to reuse a
Token Code and ensure that you enter the Token Code exactly as displayed on the token,
including any upper and lower case letters and punctuation that it may contain.
By default, your account will automatically lock for 15 minutes if more than 3 consecutive logon
attempts fail. You must wait this amount of time before your account will unlock. Contact your
usual help desk to resolve logon problems.
how do I enroll with a MP token?
how do I access the enrollment web site?
Within your e-mail client: open the “SAS Self-enrollment” message (1), and click on the
self-enrollment URL link (2): your favorite Web browser (here Safari) will connect to the Secure
Authentication enrollment web site.
Figure 23: self-enrollment link
“SAS Self-enrollment” e-mail not received: check whether the message is stored in the “junk” folder of
your e-mail client.
“Your provisioning task has already been completed” error message: verify you opened the
latest self-enrollment message, and not an old one.
how do I select a Mac as target device?
Within your Safari browser: select “Mac OS X Lion” 1 , click on “Next” 2 , read displayed
instructions 3 before closing your browser.
Figure 24: select Mac as target device
how do I download the “MP” application?
Within your e-mail client: open the “Token Installation for Mac OS X” message 1 , click on
“https://se.safenet-inc.com/selfEnrollment/MP-1.pkg” link 2 .
Within your Safari browser: in the upper right corner, click on the down arrow to display
downloads 3 , then click on “MP-1.pkg” file 4 to run the MP application installer.
Figure 25: download “MP” application
how do I install the “MP” application?
Within your “MP” application installer: click on “Continue” 1 (to accept the installer certificate),
on “Continue” two times 2 3 , on “Agree” 4 (to accept the software license agreement), on
“Continue” 5 , select your “Macintosh HD” as destination 6 , click on “Continue” 7 , on “Install” 8 ,
then on “Close” at the end of the installation 9 .
Figure 26: install “MP” application
how do I download and install my MP token file?
Within your e-mail client: open again the “Token Installation for Mac OS X” message, follow the
Step 2 instructions to copy the MP token file code 1 .
Within your finder: select “Application”, then click on “MP-1.app” 2 to launch your “MP”
application.
Within your “MP” application: click on “Paste” 3 to paste your MP token file code, then click
on “Continue” 4 .
Figure 27: install MP token file
The end of the MP token file installation process depends on the type of the MP
Token PIN Code.
how do I complete installation process with fixed PIN code?
Within your “MP” application: memorize the displayed PIN Code 1 (this will be your definitive
PIN Code), then click on “Continue” 2 . A new entry appears in the left panel of your “MP”
application confirming your MP token has been successfully activated. Memorize your User ID 3 .
Figure 28: install MP token file with fixed PIN Code
how do I complete installation process with user-selected PIN code?
Within your “MP” application: choose your PIN Code and enter it in the “Enter PIN” and “Re-enter PIN” fields 1 , then click on “Continue” 2 . A new entry appears in the left panel of your
“MP” application confirming your MP token has been successfully activated. Memorize your
User ID 3 .
Figure 29: install MP token file with user-selected PIN Code
“PIN change failed” error message: try to enter your new PIN Code again making sure to meet
complexity requirements displayed.
“You have failed to provide the correct response too many times” error message: contact your
usual help desk.
how do I launch the MP application?
From the Mac Finder: select “Applications”, then “MP-1.app”.
how do I authenticate with my MP token?
You have the ability to test authentication with your MP token thanks to the SAS self-service
portal.
1. Within your e-mail client: open the “SAS Self-enrollment” message 1 again, and click on
the SAS self-service portal URL link 2 : your web browser will connect to the self-service
web site.
2. Within the SAS self-service portal: within the “Home” page click on “Sign In” 3 , within the
“Authenticate” page click on “Sign in using your token” 4 .
Figure 30: access to the SAS self-service portal sign in page
The authentication process depends on the type of the MP token PIN Code
Server-side PIN Code
1. Within the SAS self-service portal: within the “Authenticate to Process” page enter your
user ID in the “User ID” field 1 and your PIN Code in the “OTP” field 2 .
2. Within your “MP” application: click on the tile of the MP token you want to use 3 , then on
“Copy” 4 to copy the generated Token Code.
3. Within the SAS self-service portal: within the “Authenticate to Process” page paste the
Token Code value next to the PIN Code in the “OTP” field 5 , then click on “OK” 6 . The
“Sign Out” button 7 displayed within the “Home” page indicates your authentication is
successful.
Figure 31: authenticate (with server-side PIN Code)
“Your login attempt was not successful” error message: try to authenticate again, making sure
to enter your PIN Code followed by the Token Code generated by your MP token in the “OTP”
field.
client-side PIN Code
1. Within the SAS self-service portal: within the “Authenticate to Process” page enter your
user ID in the “User ID” field 1 .
2. Within your “MP” application: click on the tile of the MP token you want to use 2 , enter
your PIN Code in the “PIN” field 3 , click on “Continue” 4 , then on “Copy” 5 to copy the
generated Token Code.
3. Within the SAS self-service portal: within the “Authenticate to Process” page paste the
Token Code value in the “OTP” field 6 , then click on “OK” 7 . The “Sign Out” button 8
displayed within the “Home” page indicates your authentication is successful.
Figure 32: authenticate (with client-side PIN Code)
“Your login attempt was not successful” error message: try to authenticate again, making sure
to enter only the Token Code generated by your MP token in the “OTP” field.
how do I change my PIN Code?
The PIN Code change process depends on the type of the MP token PIN Code
server-side PIN Code
Within the SAS self-service portal: within the “Home” page, once authenticated (“Sign Out”
button must be displayed 1 ), click on “Reset PIN” 2 , within the “Create New PIN” page
choose a new PIN Code and enter it in the “Create New PIN” and “Verify PIN” fields 3 , then
click on “OK” 4 . Within the “Create New PIN” page a message indicates your PIN Code
change is successful 5 .
Figure 33: change server-side PIN Code
“No tokens are enabled to change the Personal Identification Number (PIN)” error message:
your MP token uses a client-side PIN Code, not a server-side one.
client-side PIN Code
Within your “MP” application: click on the tile of the MP token you want to use, select the gear
icon, then “Change PIN” 1 , enter your current PIN Code in the “Current PIN” field 2 , choose
a new PIN Code and enter it in the “New PIN” and “Verify New PIN” fields 3 , then click on
“Continue” 4 . In the right panel of your “MP” application a message indicates your PIN Code
change is successful 5 .
Figure 34: change client-side PIN Code
“PIN Change Failed” error message: try to change your PIN Code again, making sure to enter a
complex one, the correct number of characters, and the correct types of character.
how do I resynchronize my MP token?
Within the SAS self-service portal: within the “Home” page click on “Resync Token” 1 , within
the “User” page enter your user ID in the “User ID” field 2 , click on “Next” 3 , enter the serial
of your MP token in the “Serial” field 4 , then click on “Next” 5 .
Figure 35: resynchronize token (common part)
The end of the resynchronization process depends on the type of the MP token PIN
Code
server-side PIN Code
1. Within the SAS self-service portal: within the “Challenge/Response” page copy the
“Respond to challenge” value 1 .
2. Within your “MP” application: click on the tile of the MP token you want to use, select the
gear icon, then “Resync” 2 , paste the challenge value in the “Challenge” field 3 , click on
“Continue” 4 , then click on “Copy” 5 to copy the generated response.
3. Within the SAS self-service portal: within the “Challenge/Response” page paste the
response value in the “Response” field 6 , then click on “OK” 7 . Within the “Confirmation”
page a message indicates your token resynchronization is successful 8 .
Figure 36: resynchronize token (with server-side PIN Code)
“The token cannot be synchronized” error message: try to resynchronize your MP token again,
making sure to copy/paste the right challenge/response values.
client-side PIN Code
1. Within the SAS self-service portal: within the “Challenge/Response” page copy the
“Respond to challenge” value 1 .
2. Within your “Token” application: click on the tile of the MP token you want to use, select the
gear icon, then “Resync” 2 , enter your PIN Code in the “PIN” field 3 , click on “Continue” 4 ,
paste the challenge value in the “Challenge” field 5 , click on “Continue” 6 , then click
on “Copy” to copy the generated response 7 .
3. Within the SAS self-service portal: within the “Challenge/Response” page paste the
response value in the “Response” field 8 , then click on “OK” 9 . Within the “Confirmation”
page a message indicates your token resynchronization is successful.
Figure 37: resynchronize token (with client-side PIN Code)
“The token cannot be synchronized” error message: try to resynchronize your MP token again,
making sure to copy/paste the right challenge/response values.
how do I rename my MP token?
By default, MP token name is based on your user ID.
Within your “MP” application: click on the tile of the MP token you want to use, select the gear
icon, then “Rename” 1 , enter your PIN Code in the “PIN” field 2 , click on “Continue” 3 , enter
the new MP token name in the “New Name” field 4 , then click on “Continue” 5 . Your MP
token is now referenced with the new name 6 .
Figure 38: rename token
how do I retrieve my MP token serial?
Within your “MP” application: memorize the serial value displayed within the tile of your MP
token 1 .
Figure 39: retrieve token serial
how do I retrieve the “Token” application version?
For maintenance or troubleshooting purposes, your IT administrator may ask you for the version of
your MP Token application.
Within your finder: select “Application”, then “MP-1.app” 1 . Memorize the “MP” application
version 1 .
Figure 40: retrieve “Token” application version
how do I remove my MP token?
For maintenance or troubleshooting purposes, your IT administrator may ask you to remove a
MP token from your device.
Within your “MP” application: click on the tile of the MP token you want to use, select the minus
icon 1 , check the “Remove Token” box 2 , then click on “Continue” 3 . The token has been
successfully removed 4 . In the right panel of your “MP” application a message indicates your
MP token deletion is successful 5 .
Figure 41: remove token
MP token for iPhone
In this chapter, you will find instructions for installing, activating and managing your MP token
for iPhone.
The advantage of software tokens is mass deployment without hardware distribution. By
thoughtful selection of the type of device upon which a software token can be installed,
administrators can lock an end-user to a specific machine, limit the end-user to using only
secure platforms or provide complete machine independence.
With our Secure Authentication service, MP tokens can be issued, revoked and reissued
without restriction or the need to recover the MP token from the end-user. Multiple MP
software tokens can be installed on a single device (e.g. hard drive) provided the usernames
are unique.
what is a MP token?
Up until now, you’ve logged on with your User Name and Password. The problem is that
passwords are easily compromised, putting your identity and the resources you access at risk.
By using a MP token, you will be able to generate a “One-time Password” or “OTP”. As the
name implies, an OTP can only be used once. Each time you logon you will use your MP to
generate a new OTP.
how does it protect me?
Password theft is the single most common way thieves and hackers steal identities and gain
unauthorized access to networks and resources. While they have many ways to steal a
password, success depends on the stolen password being valid, much the way credit card
theft relies on the card being usable until you report it as stolen. The problem of course is that it
is almost impossible for you or the security professionals that manage your network to discover
your password has been compromised until long after damage has been done.
The MP token solves this problem because the instant you logon with your OTP, it is no longer
valid. Any attempt to logon by reusing the OTP will not only fail, but also instantly alert your
network security professionals to a possible attack on your identity.
can anybody use my MP token?
Thanks to PIN Code protection, your MP token is protected against unauthorized use by a PIN
Code only you know. Again, much like a bank card or “Chip and PIN” credit card, the thief not
only needs access to your MP token but must know your PIN Code as well. Any attempt to use
the MP token with an incorrect PIN Code will fail. Successive attempts to guess your PIN
Code will automatically “lock” your MP token, effectively disabling it, giving you and your
network security professionals time to deal with the threat.
what kind of PIN Code is supported by MP token?
Server-side user-selected PIN Code: the PIN Code is stored and managed at the Secure
Authentication server level. You have the ability to change it at any time. Token Codes are
generated without entering any PIN Code in the “MP” application (OTP=PIN Code+Token
Code).
Server-side fixed PIN Code: the PIN Code is stored and managed at the Secure
Authentication server level. The PIN Code displayed during MP token installation is
permanent; you cannot change it. Token Codes are generated without entering any PIN
Code in the “MP” application (OTP=PIN Code+Token Code).
Client-side user-selected PIN Code: the PIN Code is stored and managed at the iPhone
level. You have the ability to change it at any time. The PIN Code must be entered into the
“MP” application to generate a Token Code (OTP=Token Code).
Client-side fixed PIN Code: the PIN Code is stored and managed at the iPhone level. The
PIN Code displayed during MP token installation is permanent; you cannot change it. The
PIN Code must be entered into the “MP” application to generate a Token Code (OTP=Token
Code).
what is the “MP” application?
The “MP” application allows you to:
select a MP token when several are installed
generate a Token Code from this MP token
rename a MP token
resynchronize a MP token
change the PIN Code of a MP token (when client-side PIN Code type is used)
retrieve the serial number of a MP token
remove a MP token from your iPhone
You can download the “MP” application from the App Store for free.
what are my responsibilities?
Using the MP token will not only provide security, it will simplify your life by reducing or
eliminating the need to remember or periodically change passwords. Your MP token will do this
for you, every time you logon. However, you do have a few simple obligations.
protect your PIN Code
You have to protect your PIN Code just as you would the PIN Code for your bank or credit card.
Never share it with anybody, including people you trust. Your usual help desk will never ask for
your PIN Code and you should never reveal it to them. Never write down your PIN Code.
what if I forget my PIN Code?
Contact your usual help desk. Upon verifying your identity they will be able to reset your PIN
Code.
what if my MP token is locked?
Contact your usual help desk. Upon verifying your identity they will be able to unlock your MP
token.
how long will my MP token continue to operate?
Your MP token will be able to generate OTPs until it is revoked by IT administrators.
what should I do if I can’t logon using my token?
The most common cause of failed logon is entering an incorrect OTP. Never attempt to reuse a
Token Code and ensure that you enter the Token Code exactly as displayed on the token,
including any upper and lower case letters and punctuation that it may contain.
By default, your account will automatically lock for 15 minutes if more than 3 consecutive logon
attempts fail. You must wait this amount of time before your account will unlock. Contact your
usual help desk to resolve logon problems.
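The rules described in this chapter (OTP = PIN Code + Token Code for a server-side PIN Code, OTP = Token Code for a client-side PIN Code, an OTP that stops working once used, and a 15-minute lock after more than 3 consecutive failed logons) can be modeled as below. This is an added illustration, not code from the Secure Authentication service: the Token Code generator is HOTP (RFC 4226) used as a stand-in, and `Account`, `verify`, `WINDOW`, the sample key and the sample PIN are assumptions.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

MAX_FAILURES = 3        # guide: lock when MORE than 3 consecutive logons fail
LOCK_SECONDS = 15 * 60  # guide: the lock lasts 15 minutes
WINDOW = 5              # assumption: how many counters the server searches


def token_code(secret: bytes, counter: int, digits: int = 6) -> str:
    """Stand-in Token Code: HOTP (RFC 4226), not the MP token's algorithm."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


@dataclass
class Account:
    secret: bytes
    pin_mode: str            # "server" or "client"
    server_pin: str = ""     # held by the server only in "server" mode
    next_counter: int = 0    # lowest counter not yet consumed
    failures: int = 0        # consecutive failed logons
    locked_until: float = 0.0
    alerts: list = field(default_factory=list)


def _matches(acct: Account, code: str, counters) -> int:
    """Return the counter whose Token Code equals `code`, or -1."""
    for c in counters:
        expected = token_code(acct.secret, c).encode()
        if hmac.compare_digest(expected, code.encode()):
            return c
    return -1


def verify(acct: Account, otp: str, now: float) -> str:
    """Return "ok", "denied", "replay" or "locked" for one logon attempt."""
    if now < acct.locked_until:
        return "locked"
    code, pin_ok = otp, True
    if acct.pin_mode == "server":
        # Server-side PIN: the OTP field carries PIN Code + Token Code.
        n = len(acct.server_pin)
        pin_ok = hmac.compare_digest(otp[:n].encode(), acct.server_pin.encode())
        code = otp[n:]
    # Client-side PIN: the app checked the PIN, so the OTP is the Token Code only.
    fresh = _matches(acct, code,
                     range(acct.next_counter, acct.next_counter + WINDOW))
    if pin_ok and fresh >= 0:
        acct.next_counter = fresh + 1   # consume it: this code is now invalid
        acct.failures = 0
        return "ok"
    result = "denied"
    used = range(max(0, acct.next_counter - WINDOW), acct.next_counter)
    if _matches(acct, code, used) >= 0:
        acct.alerts.append((now, "reused Token Code"))  # flag for security staff
        result = "replay"
    acct.failures += 1
    if acct.failures > MAX_FAILURES:
        acct.locked_until = now + LOCK_SECONDS
        acct.failures = 0
    return result


if __name__ == "__main__":
    secret = b"12345678901234567890"   # constructed sample (RFC 4226 test key)
    acct = Account(secret, "server", server_pin="4821")  # constructed PIN
    otp = "4821" + token_code(secret, 0)
    print(verify(acct, otp, now=0))    # first use of the OTP
    print(verify(acct, otp, now=1))    # the same OTP entered a second time
```

In server mode the PIN never has to be typed into the token application, which is why a missing or misplaced PIN in the “OTP” field is the usual cause of the “Your login attempt was not successful” message.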
how do I enroll with a MP token?
In this chapter, the Safari Web browser is used. Please use an e-mail client (and not a
browser/webmail) to access messages sent by the SAS.
how do I access the enrollment web site?
Within your e-mail client: open the “SAS Self-enrollment” message 1 , and tap the self-enrollment URL link 2 : your web browser will connect to the Secure Authentication enrollment
web site.
Figure 42: self-enrollment link
“SAS Self-enrollment” e-mail not received: check whether the message was moved to the “junk” folder of
your e-mail client.
“Your provisioning task has already been completed” error message: verify you opened the
latest self-enrollment message, and not an old one.
how do I select an iPhone as target device?
Within your Safari browser: tap “iPhone” 1 , click on “Next” 2 , read displayed instructions 3
before closing your browser.
Figure 43: select iPhone as target device
how do I download the “MP” application?
1. Within your e-mail client: open the “Over-The-Air (OTA) Installation” message 1 , tap the
icon related to the Apple iOS 2 to retrieve the “MP” application from the App Store.
2. Within the App Store: tap “FREE” 3 to download the “MP” application.
Figure 44: download “MP” application
how do I install the “MP” application?
1. Within the App Store: tap “INSTALL APP” 1 to install the “MP” application on your iPhone.
2. Within your iPhone home screen: at the end of the installation, the “MP” application launch
icon 2 appears.
Figure 45: install “MP” application
how do I download the MP token file?
1. Within your e-mail client: open the “Over-The-Air (OTA) Installation” message 1 again, tap
the MP-1 token profile URL link 2 to retrieve the “MP” application from the App Store.
2. Within your Safari browser: the MP token file (with “.7mp” extension) is now downloaded 3 .
Figure 46: download token file
how do I install the MP token file with user-selected PIN Code?
1. Within your Safari browser: tap “Open in MP-1” 1 .
2. Within your “MP” application: choose your PIN Code and enter it in the “Enter new PIN” field 2 ,
tap “Done” 3 , re-enter your PIN Code in the “Re-enter new PIN” field 4 , then tap
“Done” 5 to display the “Select Token” screen.
Figure 47: install token file (with user selected PIN Code)
“PIN change failed” error message: try to enter your new PIN Code again making sure to meet
complexity requirements displayed.
“You have failed to provide the correct response too many times” message: contact your usual
help desk.
how do I install the MP token file with fixed PIN Code?
1. Within your Safari browser: tap “Open in MP-1” 1 .
2. Within your “MP” application: memorize the displayed PIN Code 2 , tap “OK” 3 , then
“Cancel” 4 to display the “Select Token” screen.
Figure 48: install token file (with fixed PIN Code)
how do I launch the “MP” application?
Within your iPhone home screen: tap the “MP” application launch icon.
how do I select my MP token?
Within your “MP” application: within the “Select Token” screen, tap the tile of the MP token you
want to select 1 .
Figure 49: select token
how do I authenticate with my MP token?
You have the ability to test authentication with your MP token thanks to the SAS self-service
portal.
1. Within your e-mail client: open the “SAS Self-enrollment” message 1 again, and tap the
SAS self-service portal URL link 2 : your web browser will connect to the self-service web
site.
2. Within the SAS self-service portal: within the “Home” page tap “Sign In” 3 , then within the
“Authenticate” page tap “Sign in using your token” 4 .
Figure 50: access to the SAS self-service portal sign in page
The authentication process depends on the type of the MP token PIN Code.
server-side PIN Code
1. Within the SAS self-service portal: within the “Authenticate to Process” page enter your
user ID in the “User ID” field 1 and your PIN Code in the “OTP” field 2 .
2. Within your “MP” application: within the “One-Time Password” screen copy the new
generated Token Code value 3 (hold your finger on the value until the “Copy” icon
appears).
3. Within the SAS self-service portal: within the “Authenticate to Process” page paste the
Token Code value next to the PIN Code in the “OTP” field 4 (hold your finger on the field
until the “Paste” icon appears), then tap “OK” 5 . The “Sign Out” button 6 displayed within
the “Home” page indicates your authentication is successful.
Figure 51: authenticate (with server-side PIN Code)
“Your login attempt was not successful” error message: try to authenticate again, making sure
to enter your PIN Code followed by the Token Code generated by your MP token in the “OTP”
field.
client-side PIN Code
1. Within the SAS self-service portal: within the “Authenticate to Process” page enter your
user ID in the “User ID” field 1 .
2. Within your “MP” application: enter your PIN Code in the “Enter PIN for token” field 2 , tap
“Done” 3 , within the “One-Time Password” screen copy the new generated Token Code
value 4 (hold your finger on the value until the “Copy” icon appears).
3. Within the SAS self-service portal: within the “Authenticate to Process” page paste the
Token Code in the “OTP” field 5 (hold your finger on the field until the “Paste” icon
appears), then click on “OK” 6 . The “Sign Out” button 7 displayed within the “Home”
page indicates your authentication is successful.
Figure 52: authenticate (with client-side PIN Code)
“Your login attempt was not successful” error message: try to authenticate again, making sure
to enter only the Token Code generated by your MP token in the “OTP” field.
how do I edit my PIN Code?
Within your “MP” application: within the “Select Token” screen, tap the tile of the MP token you
want to edit 1 , tap “Edit” 2 , then tap the tile of the MP token again 3 to display the “Edit
Token” screen.
Figure 53: edit token
how do I change my PIN Code?
The PIN Code change process depends on the type of the MP token PIN Code.
server-side PIN Code
Within the SAS self-service portal: within the “Home” page, once authenticated (“Sign Out”
button must be displayed 1 ), tap “Reset PIN” 2 , within the “Create New PIN” page choose a
new PIN Code and enter it in the “Create New PIN” and “Verify PIN” fields 3 , then tap “OK” 4 .
Within the “Create New PIN” page a message indicates your PIN Code change is successful 5 .
Figure 54: change server-side PIN Code
“No tokens are enabled to change the Personal Identification Number (PIN)” error message:
your MP token uses a client-side PIN Code, not a server-side one.
client-side PIN Code
Within your “MP” application: within the “Edit Token” screen tap “Change PIN” 1 , choose a
new PIN Code and enter it in the “Enter new PIN” field 2 , tap “Done” 3 , re-enter your new
PIN Code in the “Re-enter new PIN” field 4 , then tap “Done” 5 .
Figure 55: change client-side PIN Code
how do I resynchronize my MP token?
1. Within the SAS self-service portal: within the “Home” page tap “Resync Token” 1 , within
the “User” page enter your user ID in the “User ID” field 2 , tap “Next” 3 , enter the serial
of your MP token in the “Serial” field 4 , then tap “Next” 5 .
Figure 56: resynchronize token (1/2)
2. Within the SAS self-service portal: within the “Challenge/Response” page copy the
challenge value 1 (hold your finger on the value until the “Copy” icon appears).
3. Within your “MP” application: within the “Edit Token” screen tap “Resync Token” 2 , within
the “Resync Token” screen paste the challenge value in the “Enter Challenge for token” field 3
(hold your finger on the field until the “Paste” icon appears), tap “Done” 4 , copy the
generated response value 5 (hold your finger on the value until the “Copy” icon appears).
4. Within the SAS self-service portal: within the “Challenge/Response” page paste the
response value in the “Response” field 6 (hold your finger on the field until the “Paste” icon
appears), then click on “OK” 7 . Within the “Confirmation” page a message indicates your
token resynchronization is successful 8 .
Figure 57: resynchronize token (2/2)
“The token cannot be synchronized” error message: try to resynchronize your MP token again,
making sure to copy/paste the right challenge/response values.
how do I rename my MP token?
By default, MP token name is based on your user ID.
Within your “MP” application: within the “Edit Token” screen tap “Rename Token” 1 , within the
“Rename Token” screen enter the new MP token name in the “Enter New Name” field 2 , tap
“Done” 3 , within the “Edit Token” screen tap “Select Token” 4 . Within the “Edit Token” screen,
your MP token is now referenced with the new name 5 .
Figure 58: rename token
how do I retrieve my MP token serial?
Within your “MP” application: within the “Edit Token” screen tap “Operation” 1 , within the
“Operation” screen memorize the displayed MP token serial 2 , then tap “Done” 3 to return to the
“Edit Token” screen.
Figure 59: retrieve token serial
how do I remove a MP token?
For maintenance or troubleshooting purposes, your usual help desk may ask you to remove a
MP token from your device.
Within your “MP” application: within the “Select Token” screen tap “Edit” 1 , the red symbol to
the left of the token 2 , “Delete” 3 , then “Delete Token” 4 .
Figure 60: remove token
how do I retrieve the “MP” application version?
For maintenance or troubleshooting purposes, your usual help desk may ask you for the version of
your MP application.
Within your “MP” application: within the “Select Token” screen tap the “Information” icon 1 ,
memorize the displayed “MP” application version 2 , then tap “Done” 3 to return to the “Select
Token” screen.
Figure 61: retrieve MP application version
how do I uninstall the “MP” application?
For maintenance or troubleshooting purposes, your usual help desk may ask you to uninstall
the “MP” application from your iPhone.
Within your iPhone home screen: hold your finger on the MP application icon until the icon
begins to shake or wiggle 1 , tap "x" in the upper left hand corner of the icon 2 , then tap
“Delete” within the pop-up window 3 .
Figure 62: uninstall MP application
KT token
Orange Business Services would like to thank you for choosing our Secure Authentication
service to help you protect your on-line identity and the networks, applications and data you
use from unauthorized access.
In this chapter, you will find instructions for installing, activating and managing your KT token.
what is a KT token?
Up until now, you’ve logged on with your User Name and Password. The problem is that
passwords are easily compromised, putting your identity and the resources you access at risk.
By using a KT token, you will be able to generate a “One-time Password” or “OTP”. As the
name implies, an OTP can only be used once. Each time you logon you will use your KT token
to generate a new OTP.
what is a KT token?
The KT-5 Key Chain token generates a new, pseudo-random Token Code each time the token
is activated. The KT token is activated by pressing the button located to the right and below the
LCD display.
The KT Token Code consists of a string of 8 characters that is used to guard against
unauthorized use.
how does it protect me?
Password theft is the single most common way thieves and hackers steal identities and gain
unauthorized access to networks and resources. While they have many ways to steal a
password, success depends on the stolen password being valid, much the way credit card
theft relies on the card being usable until you report it as stolen. The problem of course is that it
is almost impossible for you or the security professionals that manage your network to discover
your password has been compromised until long after damage has been done.
The KT token solves this problem because the instant you logon with your OTP, it is no longer
valid. Any attempt to logon by reusing the OTP will not only fail, but also instantly alert your
network security professionals to a possible attack on your identity.
Thanks to PIN Code protection, your KT token is protected against unauthorized use by a PIN
Code only you know. Again, much like a bank card or “Chip and PIN” credit card, the thief not
only needs access to your KT token but must know your PIN Code as well. Any attempt to use
the KT token with an incorrect PIN Code will fail. Successive attempts to guess your PIN
Code will automatically “lock” your KT token, effectively disabling it, giving you and your
network security professionals time to deal with the threat.
what kind of PIN Code is supported by KT token?
Server-side user-selected PIN Code: the PIN Code is stored and managed at the Secure
Authentication server level. You have the ability to change it at any time. Token Codes are
generated without entering any PIN Code in the “Token” application (OTP=PIN
Code+Token Code).
Server-side fixed PIN Code: the PIN Code is stored and managed at the Secure
Authentication server level. The PIN Code displayed during MP token installation is
permanent; you cannot change it. Token Codes are generated without entering any PIN
Code in the “Token” application (OTP=PIN Code+Token Code).
what are my responsibilities?
Using the KT token will not only provide security, it will simplify your life by reducing or
eliminating the need to remember or periodically change passwords. Your KT token will do this
for you, every time you logon. However, you do have a few simple obligations.
protect your PIN Code
You have to protect your PIN Code just as you would the PIN Code for your bank or credit card.
Never share it with anybody, including people you trust. Your usual help desk will never ask for
your PIN Code and you should never reveal it to them. Never write down your PIN Code.
what if I forget my PIN Code?
Contact your usual help desk. Upon verifying your identity they will be able to reset your PIN
Code.
what if my KT token is locked?
Contact your usual help desk. Upon verifying your identity they will be able to unlock your KT
token.
how long will my KT token continue to operate?
Your KT token will be able to generate OTPs until it is revoked by IT administrators.
what should I do if I can’t logon using my token?
The most common cause of failed logon is entering an incorrect OTP. Never attempt to reuse a
Token Code and ensure that you enter the Token Code exactly as displayed on the token,
including any upper and lower case letters and punctuation that it may contain.
By default, your account will automatically lock for 15 minutes if more than 3 consecutive logon
attempts fail. You must wait this amount of time before your account will unlock. Contact your
usual help desk to resolve logon problems.
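The rules this guide states for KT logons (OTP = PIN Code followed by Token Code, each OTP valid once, reuse raising an alert, a 15-minute lock after more than 3 consecutive failures) can be modelled on the server side as follows. This is an added illustration, not Orange Business Services or token-vendor code: the HOTP generator standing in for the KT algorithm, the look-ahead window, all class and function names, and the PIN and key values are assumptions made for the example.

```python
import hashlib
import hmac
import struct

MAX_FAILURES = 3          # guide: lock if more than 3 consecutive logon attempts fail
LOCK_SECONDS = 15 * 60    # guide: the account locks for 15 minutes


def token_code(key, counter, digits=8):
    """Stand-in generator (HOTP, RFC 4226); the guide does not name the KT algorithm."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


class Account:
    def __init__(self, pin, key, window=3):
        self.pin, self.key, self.window = pin, key, window
        self.counter = 0          # first token counter not yet accepted
        self.used = set()         # Token Codes that were already accepted once
        self.failures = 0         # consecutive failed attempts
        self.locked_until = 0.0
        self.alerts = []          # events the security team would be told about

    def logon(self, otp, now):
        """Return 'ok', 'failed' or 'locked' for one attempt at time `now` (seconds)."""
        if now < self.locked_until:
            return "locked"
        pin, code = otp[:len(self.pin)], otp[len(self.pin):]
        if same(pin, self.pin):
            if code in self.used:
                self.alerts.append(("reused-otp", now))
            else:
                # Assumed look-ahead: the button may have been pressed
                # without the displayed code ever being submitted.
                for c in range(self.counter, self.counter + self.window):
                    if same(code, token_code(self.key, c)):
                        self.counter = c + 1
                        self.used.add(code)
                        self.failures = 0
                        return "ok"
        self.failures += 1
        if self.failures > MAX_FAILURES:
            self.locked_until = now + LOCK_SECONDS
            self.failures = 0
            return "locked"
        return "failed"


def demo():
    key = b"12345678901234567890"          # constructed key (RFC 4226 test secret)
    acct = Account(pin="4711", key=key)    # constructed PIN
    results = [acct.logon("4711" + token_code(key, 0), 0)]         # first use
    results.append(acct.logon("4711" + token_code(key, 0), 1))     # same OTP again
    results.append(acct.logon("4711" + token_code(key, 2), 2))     # one press skipped
    results += [acct.logon("471100000000", 3 + i) for i in range(4)]  # wrong codes
    results.append(acct.logon("4711" + token_code(key, 3), 60))    # during the lock
    results.append(acct.logon("4711" + token_code(key, 3), 7 + LOCK_SECONDS))
    return results, acct.alerts
```

In this model the attempt that pushes the count past 3 returns "locked" itself, and a valid OTP is refused until the 15 minutes have elapsed.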
how do I enroll with a KT token?
Within your e-mail client: open the “SAS Self-enrollment” message 1 , and click on the
self-enrollment URL link 2 : your web browser will connect to the Secure Authentication enrollment
web site.
Figure 63: self-enrollment link
“SAS Self-enrollment” e-mail not received: check whether the message has been placed in the
“junk” folder of your e-mail client.
“Your provisioning task has already been completed” error message: verify you opened the
latest self-enrollment message, and not an old one.
how do I register my KT token?
1. With your KT token: memorize the serial number on the back of your token 1 .
2. Within your web browser: enter the serial number value in the “Serial Number” field 2 and
click on “Next” 3 .
Figure 64: register token serial
“There is no token matching the serial number provided” error message: close your browser,
click the self-enrollment URL link again, register your KT token again making sure the serial
number you enter is correct.
how do I activate my KT token?
1. Within your web browser: memorize the displayed PIN Code 1 (it might be a fixed one;
you cannot tell its type at this enrollment step), copy it and paste it in
the “OTP” field 2 .
2. With your KT token: press button 3 to both power on the token and generate a new Token
Code, then memorize the displayed Token Code 4 .
3. Within your web browser: enter the Token Code next to the PIN Code in the “OTP” field 5
then click on “Next” 6 .
Figure 65: activate token with PIN Code
“Authentication failed, enter your OTP again” error message: if your KT token is still on, press
and hold the button (approximately 3-4 seconds) on the token until the “-OFF-” prompt appears,
then release the button. Press the button to power on the token again and generate a new Token
Code.
“You have failed to provide the correct response too many times” error message: contact your
usual help desk.
The end of the process depends on the type of the KT token PIN Code.
how do I complete installation process with user-selected PIN code?
Within your web browser: choose your PIN Code, enter it in the “New PIN” and “Verify PIN”
fields 1 then click on “Next” 2 . The enrollment web site displays a page that confirms your
MP token has been successfully activated. Memorize your User ID 3 , then click on “Close” 4
(when using Firefox you have to close the browser).
Figure 66: activate token with user selected PIN
“PIN change failed” error message: try to enter your new PIN Code again making sure to meet
complexity requirements displayed.
“You have failed to provide the correct response too many times” error message: contact your
usual help desk.
how do I complete installation process with fixed PIN code?
Within your web browser: the enrollment web site displays a page that confirms your MP token
has been successfully activated. Memorize your User ID 1 , then click on “Close” 2 (when
using Firefox you have to close the browser).
Figure 67: activate token with user selected PIN
how do I authenticate with my KT token?
You have the ability to test authentication with your MP token thanks to the SAS self-service
portal.
1. Within your e-mail client: open the “SAS Self-enrollment” message 1 again, and click on
the SAS self-service portal URL link 2 : your web browser will connect to the self-service
web site.
2. Within the SAS self-service portal: within the “Home” page click on “Sign In” 3 , within the
“Authenticate” page click on “Sign in using your token” 4 .
Figure 68: access to the SAS self-service portal sign in page
3. Within the SAS self-service portal: within the “Authenticate to Process” page enter your
user ID in the “User ID” field 1 and your PIN Code in the “OTP” field 2 .
4. With your KT token: press button 3 to both power on the token and generate a new Token
Code, then memorize the displayed Token Code 4 .
5. Within the SAS self-service portal: within the “Authenticate to Process” page paste the
Token Code value next to the PIN Code in the “OTP” field 5 , then click on “OK” 6 . The
“Sign Out” button 7 displayed within the “Home” page indicates your authentication is
successful.
Figure 69: authenticate
“Authentication failed, enter your OTP again” error message: if your KT token is still on, press
and hold the button (approximately 3-4 seconds) on the token until the “-OFF-” prompt appears,
then release the button. Press the button to power on the token again and generate a new Token
Code.
how do I change my PIN Code?
Within the SAS self-service portal: within the “Home” page, once authenticated (“Sign Out”
button must be displayed 1 ), click on “Reset PIN” 2 , within the “Create New PIN” page
choose a new PIN Code and enter it in the “Create New PIN” and “Verify PIN” fields 3 , then
click on “OK” 4 . Within the “Create New PIN” page a message indicates your PIN Code
change is successful 5 .
Figure 70: change PIN Code
If the self-service portal displays the “PIN does not meet complexity requirements.” message:
Try to enter a new PIN again, making sure to meet the complexity requirements displayed.
If the self-service portal displays the “No tokens are enabled to change the Personal
Identification Number (PIN)” message:
Your KT token has a server fixed PIN Code; you can’t change it.
how do I resynchronize my KT token?
1. Within your web browser: within the “Home” page click on “Resync Token” 1 , within the
“User” page enter your user ID in the “User ID” field 2 , click on “Next” 3 .
2. With your KT token: memorize the serial number on the back of your token 4 .
3. Within your web browser: enter the serial number value in the “Serial” field 5 then click on
“Next” 6 .
Figure 71: resynchronize token (1/2)
Resynchronization requires you to enter a “challenge” within your KT token.
4. Within the SAS self-service portal: within the “Challenge/Response” page memorize the
“Respond to challenge” value 1 .
5. With your KT token: press button 2 to power on the token, then use the button 3 to choose
and validate the digits of the “Respond to challenge” value:
   Press and hold the button (approximately 3-4 seconds) on the token until the “Init”
   prompt appears, then release the button.
   The token will cycle through a series of prompts: press the button while the “rESYNC”
   prompt is displayed.
   The digits will be displayed sequentially. For every digit of the resynchronization
   challenge, press the button to accept the displayed digit.
   After the last digit of the challenge is displayed, double-press the button.
   Memorize the response value displayed by your token 4 .
6. Within the SAS self-service portal: within the “Challenge/Response” page enter the
response value in the “Response” field 5 , then click on “OK” 6 . Within the “Confirmation”
page a message indicates your token resynchronization is successful 7 .
Figure 72: resynchronize token (2/2)
“The token cannot be synchronized” error message: try to resynchronize your MP token again,
making sure to copy/paste the right challenge/response values.
GrIDsure token
In this chapter, you will find instructions for activating and managing your GrIDsure token.
what is a GrIDsure token?
GrIDsure is a way of providing an end-user the ability to generate a one-time password, without
requiring the end-user to have any additional hardware or software applications. GrIDsure
presents the end-user with a grid of cells containing random characters, from which the
end-user selects their 'personal identification pattern' (PIP). Each time the end-user needs to
authenticate, the grid will display a random / unique set of characters. The end-user then just
needs to remember their PIP and provide the specific characters within those cells that make
up their PIP in order to securely authenticate to the protected network resource.
Up until now, you’ve logged on with your User Name and Password. The problem is that
passwords are easily compromised, putting your identity and the resources you access at risk.
By using a MP token, you will be able to generate a “One-time Password” or “OTP”. As the
name implies, an OTP can only be used once. Each time you logon you will use your MP to
generate a new OTP.
how does it protect me?
Password theft is the single most common way thieves and hackers steal identities and gain
unauthorized access to networks and resources. While they have many ways to steal a
password, success depends on the stolen password being valid, much the way credit card
theft relies on the card being usable until you report it as stolen. The problem of course is that it
is almost impossible for you or the security professionals that manage your network to discover
your password has been compromised until long after damage has been done.
GrIDsure displays a grid of cells containing random characters to an end-user. As shapes and
patterns are easier to remember than words and numbers, GrIDsure asks the end-user to
remember a sequence of cells in a pattern on the grid that is easily recognizable to them.
The end-user chooses their “Personal Identification Pattern” (PIP) from the arrangement and
sequence of the cells from the grid:
Figure 73: how does it work 1/4
When the end-user is required to authenticate securely to a protected network resource, they
select the characters that match their PIP from the unique characters shown to them by the
grid.
Figure 74: how does it work 2/4
In this example, the end-user's PIP would be a value of: 5582. This is seen in the highlighted
cells below. Therefore to authenticate, the end-user would enter 5582 as their one-time
password value. The next time the end-user needs to authenticate, the characters displayed by
the grid will be different, but the PIP remains the same. The end-user just needs to enter the
new characters in their PIP displayed by the grid.
Figure 75: how does it work 3/4
In this example, the end-user would now enter 0182 as their one-time password to
authenticate.
Figure 76: how does it work 4/4
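The mechanism described above can be modelled in a few lines: the server shows a fresh grid, the end-user reads the characters in their PIP cells, and the server checks PIN Code plus those characters against the grid it issued. This is an added illustration, not GrIDsure or Orange Business Services code; the 5x5 digit grid, the diagonal pattern, the PIN value, the two grids (built so that the pattern reads 5582 and then 0182, as in the guide's example) and all names are assumptions.

```python
import hmac
import secrets

GRID_SIZE = 5             # assumption: the guide does not state the grid size
ALPHABET = "0123456789"   # assumption: digits, as in the 5582 / 0182 example


def new_grid():
    """Server side: fresh random characters for every authentication."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(GRID_SIZE))
            for _ in range(GRID_SIZE)]


def read_pattern(grid, pip):
    """End-user side: read the characters in the PIP cells, in PIP order."""
    return "".join(grid[row][col] for row, col in pip)


class GridAuthenticator:
    """Holds the enrolled PIN and PIP and checks one response per issued grid."""

    def __init__(self, pin, pip):
        self.pin = pin
        self.pip = list(pip)
        self.pending = None   # grid waiting for a response, if any

    def get_grid(self, grid=None):
        """'OK / Get Grid' step; a fixed grid can be passed in for the demo."""
        self.pending = grid if grid is not None else new_grid()
        return self.pending

    def verify(self, otp):
        """OTP field = PIN Code followed by the pattern characters."""
        grid, self.pending = self.pending, None   # a grid is answered at most once
        if grid is None:
            return False
        expected = self.pin + read_pattern(grid, self.pip)
        return hmac.compare_digest(otp.encode(), expected.encode())


# Constructed sample data (the guide's figures are not reproduced here).
PIP = [(0, 0), (1, 1), (2, 2), (3, 3)]
GRID_A = ["51934", "75206", "40817", "96321", "03758"]
GRID_B = ["04417", "91365", "27890", "65023", "18349"]


def demo():
    auth = GridAuthenticator(pin="4711", pip=PIP)
    first = read_pattern(auth.get_grid(GRID_A), PIP)
    accepted = auth.verify("4711" + first)
    replayed = auth.verify("4711" + first)    # no grid is pending any more
    second = read_pattern(auth.get_grid(GRID_B), PIP)
    stale = auth.verify("4711" + first)       # old characters against the new grid
    auth.get_grid(GRID_B)
    fresh = auth.verify("4711" + second)
    return first, second, accepted, replayed, stale, fresh
```

The PIP stays the same across both grids; only the characters read from it change, which is why the first response is useless against the second grid.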
can anybody use my GrIDsure token?
Thanks to PIN Code protection, your GrIDsure token is protected against unauthorized use by
a PIN Code only you know. Again, much like a bank card or “Chip and PIN” credit card, the
thief not only needs access to your GrIDsure token but must know your PIN Code as well. Any
attempt to use the GrIDsure token with an incorrect PIN Code will fail. Successive attempts to
guess your PIN Code will automatically “lock” your GrIDsure token, effectively disabling it, giving
you and your network security professionals time to deal with the threat.
what kind of PIN Code is supported by GrIDsure token?
Server-side user-selected PIN Code: the PIN Code is stored and managed at the Secure
Authentication server level. You have the ability to change it at any time.
Server-side fixed PIN Code: the PIN Code is stored and managed at the Secure
Authentication server level. The PIN Code displayed during MP token installation is
permanent; you cannot change it.
what are my responsibilities?
Using the GrIDsure token will not only provide security, it will simplify your life by reducing or
eliminating the need to remember or periodically change passwords. Your GrIDsure token will
do this for you, every time you logon. However, you do have a few simple obligations.
protect your PIN Code
You have to protect your PIN Code just as you would the PIN Code for your bank or credit card.
Never share it with anybody, including people you trust. Your usual help desk will never ask for
your PIN Code and you should never reveal it to them. Never write down your PIN Code.
what if I forget my PIN Code?
Contact your usual help desk. Upon verifying your identity they will be able to reset your PIN
Code.
what if my GrIDsure token is locked?
Contact your usual help desk. Upon verifying your identity they will be able to unlock your
GrIDsure token.
how long will my GrIDsure token continue to operate?
Your GrIDsure token will be able to generate OTPs until it is revoked by IT administrators.
what should I do if I can’t logon using my token?
The most common cause of failed logon is entering an incorrect OTP. Never attempt to reuse a
Token Code and ensure that you enter the Token Code exactly as displayed on the token,
including any upper and lower case letters and punctuation that it may contain.
By default, your account will automatically lock for 15 minutes if more than 3 consecutive logon
attempts fail. You must wait this amount of time before your account will unlock. Contact your
usual help desk to resolve logon problems.
how do I enroll with a GrIDsure token?
how do I access the enrollment web site?
Within your e-mail client: open the “SAS Self-enrollment” message 1 , and click on the
self-enrollment URL link 2 : your web browser will connect to the Secure Authentication enrollment
web site.
Figure 77: self-enrollment link
how do I create my PIP?
Within your web browser: select your PIP using the grid. Try to pick a pattern (here a b c d )
that would not be easily guessed by someone else. Memorize the displayed PIN Code 2 (this
might be your definitive one if the type of the PIN Code is fixed), then click on “Next” 3 . The
enrollment web site displays a page that confirms your MP token has been successfully
activated. Memorize your User ID 4 , then click on “Close” 5 (when using Firefox, you have to
close the browser).
Figure 78: create PIP
If the enrollment web site displays the “PIP change failed” message:
Try to enter your new PIP again making sure to meet complexity requirements displayed.
If the enrollment web site displays the “You have failed to provide the correct response too
many times” message:
Contact your usual help desk.
Select your PIP using the grid. Try to pick a pattern (here a b c d ) that would not be easily
guessed by someone else. Enter the values corresponding to your pattern (here “RVZ2”) in the
“Enter Value” field 1 then click on “Next” 2 . The enrollment web site displays the last page
that confirms your GrIDsure token has been enabled. Memorize your User ID before clicking on
“Close” (when using Firefox, the “Close” button does not exist; you have to close your browser
instead).
Figure 79: create PIP
“PIP change failed” error message: try to enter your new PIP again making sure to meet
complexity requirements displayed.
“You have failed to provide the correct response too many times” error message: contact your
usual help desk.
how do I authenticate with my GrIDsure token?
You have the ability to test authentication with your GrIDsure token thanks to the SAS
self-service portal.
1. Within your e-mail client: open the “SAS Self-enrollment” message 1 again, and click on
the SAS self-service portal URL link 2 : your web browser will connect to the self-service
web site.
2. Within the SAS self-service portal: within the “Home” page click on “Sign In” 3 , within the
“Authenticate” page click on “Sign in using your token” 4 .
Figure 80: access to the SAS self-service portal sign in page
3. Within the SAS self-service portal: within the “Authenticate to Process” page enter your
User ID in the “User ID” field 1 , leave the “OTP” field empty 2 , click on “OK / Get Grid” 3 ,
enter your PIN Code in the “OTP” field 4 , enter the values corresponding to your pattern
a b c d (here “8675”) next to the PIN Code in the “OTP” field 5 then click on “OK” 6 .
The “Sign Out” button 7 displayed within the “Home” page indicates your authentication is
successful.
Figure 81: authenticate (common part)
“Your login attempt was not successful” error message: try to authenticate again, making sure
to enter your PIN Code followed by the Token Code generated by your MP token in the “OTP”
field.
The end of the authentication process depends on the type of the GrIDsure token PIN
Code.
user-selected PIN Code
Within the SAS self-service portal: within the “Authenticate” page choose a new PIN Code and
enter it in the “New PIN” and “Confirm New PIN” fields 1 , then click on “OK” 2 . The “Sign
Out” button 3 displayed within the “Home” page indicates your authentication is successful.
Figure 82: authenticate (with server-side PIN Code)
fixed PIN Code
Within the SAS self-service portal: the “Sign Out” button 1 displayed within the “Home” page
indicates your authentication is successful.
Figure 83: authenticate (with fixed PIN Code)
how do I change my PIN Code?
Within the SAS self-service portal: within the “Home” page, once authenticated (“Sign Out”
button must be displayed 1 ), click on “Reset PIN” 2 , within the “Create New PIN” page
choose a new PIN Code and enter it in the “Create New PIN” and “Verify PIN” fields 3 , then
click on “OK” 4 . Within the “Create New PIN” page a message indicates your PIN Code
change is successful 5 .
Figure 84: change PIN Code
how do I change the PIP of my GrIDsure token?
Within the SAS self-service portal: once authenticated (“Sign Out” button must be displayed 1 )
click on “Reset PIP” 2 , within the “Select Pattern” page enter the values corresponding to your
new pattern a b c d (here “DWH7”) in the “Enter cell values” field 3 then click on “OK” 4 .
Figure 85: change token PIP
Password
In this chapter, you will find instructions for activating and managing your password.
what is a password?
Single-factor authentication (SFA) is the traditional security process that requires a user name
and password before granting access to the user.
what are my responsibilities?
You do have a few simple obligations.
protect your password
You have to protect your password just as you would the PIN Code for your bank or credit card.
Never share it with anybody, including people you trust. Your usual help desk will never ask for
your password and you should never reveal it to them.
what if my password token is locked?
Contact your usual help desk.
how long will my password continue to operate?
Your password will continue to operate until it is revoked by IT administrators.
what should I do if I can’t logon using my token?
The most common cause of failed logon is entering an incorrect password. By default, your
account will automatically lock for 15 minutes if more than 3 consecutive logon attempts fail.
You must wait this amount of time before your account will unlock. Contact your usual help
desk to resolve logon problems.
how do I enroll with a password?
how do I access the enrollment web site?
Within your e-mail client: open the “SAS Self-enrollment” message 1 , and click on the
self-enrollment URL link 2 : your web browser will connect to the Secure Authentication enrollment
web site.
Figure 86: self-enrollment link
“SAS Self-enrollment” e-mail not received: check whether the message has been placed in the
“junk” folder of your e-mail client.
“Your provisioning task has already been completed” error message: verify you opened the
latest self-enrollment message, and not an old one.
how do I create my password?
Within your web browser: choose your password and enter it in the “Enter Password” and
“Confirm Password” fields 1 then click on “Next” 2 . The enrollment web site displays a page
that confirms your password has been successfully activated. Memorize your User ID 3 , then
click on “Close” 4 (when using Firefox, you have to close the browser).
Figure 87: create password
“Complexity requirements not met” error message: try to enter your password again making
sure to meet complexity requirements.
“You have failed to provide the correct response too many times” error message: contact your
usual help desk.
how do I authenticate with my password?
You have the ability to test authentication with your password thanks to the SAS self-service
portal.
1. Within your e-mail client: open the “SAS Self-enrollment” message 1 again, and click on
the SAS self-service portal URL link 2 : your web browser will connect to the self-service
web site.
2. Within the SAS self-service portal: within the “Home” page click on “Sign In” 3 , within the
“Authenticate” page click on “Sign in using your token” 4 .
Figure 88: access to the SAS self-service portal sign in page
3. Within the SAS self-service portal: within the “Authenticate to Process” page enter your
user ID in the “User ID” field 1 and your password in the “OTP” field 2 , click on “OK” 3 .
The “Sign Out” button 4 displayed within the “Home” page indicates your authentication is
successful.
Figure 89: authenticate with password
“Your login attempt was not successful” error message: click on “Home” and try to
authenticate again, making sure to enter the correct password in the “OTP” field.
what to do if I forget my password?
resend my password by e-mail
1. Within the SAS self-service portal: within the “Home” page click on “Sign In” 1 , within the
“Authenticate” page click on “Send Sign in password by e-mail” 2 , within the “Send
Password by E-mail” page enter your user ID in the “User ID” field 3 and click on “Send” 4 .
Figure 90: resend password by e-mail (1/2)
2. Within your e-mail client: open the “SAS Self-service Temporary Sign in Password”
message 1 , and click on the SAS self-service portal URL link: your web browser will
connect to the self-service web site.
Figure 91: resend password by e-mail (2/2)
As mentioned within the e-mail, you have to use this password to sign in within the next 10
minutes.
“Self-service Temporary Sign in Password” e-mail not received: check whether the message has
been placed in the “junk” folder of your e-mail client.
how do I change my password?
You cannot change your password yourself: you have to use the “Send sign in
password by e-mail” option from your SAS self-service portal instead.