One Touch must be configured before One Touch support can be enabled in OTP Admin and Self Service.
One Touch is a mobile application and a PhenixID Server configuration for issuing end user certificates and for creating and verifying end user signature transactions (assignments). One Touch can be used in a multifactor authentication (MFA) scenario.
Before a user can use One Touch, the user must be enrolled. One Touch enrollment can be done in Self Service (end users) or in OTP administration (administrators).
PhenixID Server will need access to the following services:
Apple: gateway.push.apple.com:2195 (TLS)
If SSL is enabled for incoming traffic, the certificate must be issued by a certificate authority that is trusted by the devices that will have One Touch application installed.
If a proxy is used, the following rules have to be configured:
ProxyPass /otpenrollment/otpenrollment/onetouch/provision http://localhost:8444/otpenrollment/otpenrollment/onetouch/provision
ProxyPassReverse /otpenrollment/otpenrollment/onetouch/provision http://localhost:8444/otpenrollment/otpenrollment/onetouch/provision
ProxyPass /push http://localhost:8444/push
ProxyPassReverse /push http://localhost:8444/push
ProxyPass /pki http://localhost:8444/pki
ProxyPassReverse /pki http://localhost:8444/pki
Specify the name of the issuer. This is a logical name used to tell different identities apart on the device.
Issuer name is displayed on the One Touch client. Use a name that maps to the organisation or service.
One Touch communication settings
Specify how One Touch is reached from the device network (i.e. the Internet). It is also possible to bind One Touch to a custom port.
External address for accessing PhenixID server. This address needs to be accessible to One Touch clients.
The endpoint setting will be the URL prefix used by PhenixID Server to build the complete URL, that will then be used by the One Touch clients.
Additional settings: Enable customized settings such as a custom port and the HTTP scheme (HTTP/HTTPS).
Port: The custom listener port, if a port other than the default is used. If specified, the One Touch module will open and listen on a new/different port than the rest of the deployed modules.
SSL: Enable use of SSL/TLS on custom port. If SSL is enabled, the certificate must be issued by a certificate authority that is trusted by the devices that will have One Touch application installed.
Please see the example configuration below.
Enable push notifications for One Touch. If enabled, the device will receive a notification when pending assignments exist.
Use push notifications to notify users of pending One Touch assignments
In the example above, the prefix that will be used by the server to generate the complete URL will be: https://onetouch.org.com/
With this configuration the communication from the One Touch client will be passed directly to PhenixID Server using https, without any reverse proxy in between.
In the example above, the prefix that will be used by PhenixID Server to generate the complete URL will be: https://external.org.com/onetouch
With this configuration the communication from the One Touch client will use https to a proxy server, and the communication will then continue to PhenixID Server using http on port 8444.
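For the proxied scenario, an added check (example code, not part of the PhenixID product or this page) that parses the ProxyPass/ProxyPassReverse rules listed earlier and verifies that every One Touch path has both directives, that the backend path matches, and that the plain-http hop only goes to the local listener on port 8444. The sample rules are constructed from the ones on the page.

```python
"""Sanity-check the reverse-proxy rules a One Touch deployment needs."""
from urllib.parse import urlsplit

# Paths the One Touch clients use, as listed on the page.
ONE_TOUCH_PATHS = (
    "/otpenrollment/otpenrollment/onetouch/provision",
    "/push",
    "/pki",
)

# Constructed sample: the rules from the page, one per line.
SAMPLE_RULES = """
ProxyPass /otpenrollment/otpenrollment/onetouch/provision http://localhost:8444/otpenrollment/otpenrollment/onetouch/provision
ProxyPassReverse /otpenrollment/otpenrollment/onetouch/provision http://localhost:8444/otpenrollment/otpenrollment/onetouch/provision
ProxyPass /push http://localhost:8444/push
ProxyPassReverse /push http://localhost:8444/push
ProxyPass /pki http://localhost:8444/pki
ProxyPassReverse /pki http://localhost:8444/pki
"""

LOOPBACK_HOSTS = ("localhost", "127.0.0.1", "::1")


def parse_rules(text):
    """Return {(directive, path): backend_url} for ProxyPass* lines."""
    rules = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] in ("ProxyPass", "ProxyPassReverse"):
            rules[(parts[0], parts[1])] = parts[2]
    return rules


def check_rules(text, backend_port=8444):
    """Return a list of problems; an empty list means the rules are complete."""
    rules = parse_rules(text)
    problems = []
    for path in ONE_TOUCH_PATHS:
        for directive in ("ProxyPass", "ProxyPassReverse"):
            backend = rules.get((directive, path))
            if backend is None:
                problems.append(f"missing {directive} for {path}")
                continue
            u = urlsplit(backend)
            if u.path != path:
                problems.append(f"{directive} {path}: backend path {u.path} differs")
            # The proxy-to-server hop is plain http, so it must stay on the host.
            if u.scheme == "http" and u.hostname not in LOOPBACK_HOSTS:
                problems.append(f"{directive} {path}: plain http to {u.hostname}")
            if u.port != backend_port:
                problems.append(f"{directive} {path}: port {u.port} != {backend_port}")
    return problems
```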