Use other OATH compliant app than Pocket Pass

This document describes how to use a different OATH compliant app than Pocket Pass with PhenixID Server

Configuration

The webapps Self Service and / or MFA Admin are used for token enrollment.

The Self Service and MFA Admin web apps has to be configured without the "Online Key Provisioning" option in order to support other OATH compliant apps.

The enrollment process will be the same for users with and users without Pocket Pass.

Considerations when using other apps than Pocket Pass

Although PhenixID do support other OATH compliant apps than Pocket Pass, there are a few gotchas that needs to be considered. These are features that only will be supported when using Pocket Pass

  • The Pocket Pass profile can be branded with a customer look and feel
  • Pin code settings can be forced and managed from the back end
  • Make sure the token only is used on one device. If multiple devices are needed, multiple enrollments have to be done

Example of OATH Compliant apps

  • Google Authenticator
  • Microsoft Authenticator
  • Authy
  • + many more