Post-activation: device binding with standard licenses

Once Mobile Authenticator Studio has been activated locally, the server must receive the information to ensure that both parties are synchronized. The regeneration of the derivation code for device binding is an enhancement of the regular server activation process and is a Mobile Authenticator Studio post-activation process.

The post-activation process starts right after Mobile Authenticator Studio has been activated on the device. It is enabled in the post-activation section of the application’s configuration file. It serves, amongst other purposes, to synchronize the server and the device.

Device binding: regenerate the derivation code

The post-activation process can also be used to regenerate the derivation code for device binding. During device binding the authenticator on a device is bound to its BLOB on the server by injecting the device seed in the authenticator's BLOB. Because this seed is used by the Mobile Authenticator Studio app to generate responses, only the authenticator installed on the bound device will generate valid responses.

Device binding

If the Mobile Authenticator Studio app is configured to allow device binding, the user can start this process in the app’s Manage accounts screen.

To bind the device

1. The user taps the three dots at the top of the screen to access the menu and tap the Manage accounts option.

2. From the list of activated accounts, the user selects an account and taps the adjacent three dots icon.

3. The user taps Generate derivation code in the drop-down menu.

4. The user is prompted to authenticate via PIN or biometrics.

5. After successful authentication, the Mobile Authenticator Studio app displays the derivation code and prompts the user to link this device to their account.

6. The user enters the derivation code on the relevant web page to submit it to the authentication server.

7. The user taps Done to complete the action, and is taken back to the Manage Accounts screen.