PhenixID One Touch Enrollment

Start guide

PhenixID One Touch Enrollment allow users to activate themselves for strong authentication with one-time password (OTP), using PhenixID One Touch application. The activation portal reduces user interaction to an absolute minimum.

In this guide you will configure:

  • Configure a connection to the LDAP store where the users are located
  • Enable One Touch activation portal

Start the guide by clicking the '+' sign next to One Touch Enrollment.

Guide steps

You navigate the guide using the previous and next buttons at the bottom of the page. You can also choose to cancel the guide at any time (information entered will be lost).

Guide steps

User store selection

Select an existing connection to an LDAP user store or create a new connection.

To create a new connection, follow the steps in the LDAP connection guide.

Search settings

Manually enter the search base to use or select it by using Choose . Search base is the starting point in the directory tree structure from where searches are made. Search is done with scope "SUB". This value is mandatory with LDAP DN as required syntax.

Also enter the attribute identifying your users (like uid, mail or samaccountname).

Network settings

Configure the external URL

  • External URL is a prefix used for building callback URLs for use by the One Touch client to enroll and to fetch assignments. The  prefix may be the actual endpoint of PhenixID server, but can also be a  logical endpoint redirected to the actual server by a firewall or a  reverse proxy.
    Using a firewall or reverse proxy for the traffic is strongly recommended.
    Choose the URL with care since this value can not be changed for activated clients.
    External URL for One Touch is used both for activation and for normal operations.
    The URL needs to be accessible from the devices using One Touch, SSL should be used.
    Example:
    https://ot.company.com

    Please be aware that the certificate used, must come from a CA that is trusted by the devices using One Touch.

One Touch settings

Enable push notifications

  • Use device push notifications enables support for sending push notifications to mobile devices. Used for notifying users of pending assignments.

Summary

Click Create to complete the scenario.

The activation portal can now be found at the URI displayed below.

Example:
https://dnsnameofPhenixIDServer:8443/activateonetouch

Activation portal

Log in to the portal with username and password against the user store.

Multifactor authentication can be added to the login scenarion.
More information can be found here:
Activate One Touch - Username, Password and OTP

When logged in, enrollment can be made for One Touch profile(s).