Integration of Offline User Registration and Authenticator Activation
  • 15 Oct 2024
  • 1 Minute à lire
  • Sombre
    Lumière

Integration of Offline User Registration and Authenticator Activation

  • Sombre
    Lumière

The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article

This type of registration is used to activate an authenticator that supports Cronto (e.g. the Digipass 7xx series). Once the device is activated, it can be used to generate a one-time password (OTP) to log in or a signature for transaction validation.

As prerequisite for the offline registration and activation you need to have an authenticator that supports Cronto in your tenant’s domain.

Sequence of an offline activation

  1. The user initiates the registration. They provide the serialNumber and activationType parameters as offlineMDL parameter in the payload with a userRegister call. The response includes the following parameters:

    • registrationID

    • activationPassword.

  2. The activationPassword parameter is sent to the Visual Codes service to display a Cronto image to the user.

  3. When the user scans the Cronto image, they receive a device code on their device (e.g. hardware Digipass from the 7xx series) or any software authenticator.

  4. To add the device to the Authenticator Provisioning service, use the registration ID obtained in step 1 and the device code obtained in step 3.

  5. Send Activation Message 2 from the output to the Visual Codes service to get the second Cronto image.

  6. The user scans this Cronto image to obtain the signature on the Cronto device.

  7. To activate the device, use the registration ID obtained in step 1, the device code obtained in step 3, and the signature obtained in step 6.

The POST /users/register endpoint validates if a license activation is available for the multi-device licensing (MDL) provisioning process of an authenticator. If there are not enough activations available for the MDL license, the endpoint returns the following error message: 409 License activation limit reached..

To avoid replay attacks, you can restrict the maximum number of authenticators assigned to a user for specific authenticator types. This applies to single-device licensing (SDL) and multi-device licensing (MDL) authenticators, and authenticator instances (MDL only). For more information, see Authenticator management.

For a complete description of the required input and/or output data of the relevant operations see the following:


Cet article vous a-t-il été utile ?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle