Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-03-30 08:53:16.0

How do I set up second-factor authentication for my ECS Enterprise account?

Article Number: 46348

User-added image

How to configure a soft token for second factor authentication (2FA) to ECS Enterprise account

(Jump to solution)

If you decide to use soft tokens for authentication to the Entrust Certificate Management Service (CMS), you must install the Entrust IdentityGuard Soft Token application. Supported platforms include the following:

  • I/OS (iPhone, iPad, iPod Touch) : iOS 3.0 or newer
  • BlackBerry : Blackberry OS 4.2.1, 4.5.x, 4.6.x, 5.0.x, 6.0.x, 7.0.x, 7.1.x
  • Android : version 1.6 or newer
  • Windows Mobile : Windows Mobile OS 6.0, 6.1, 6.5.x with .NET compact Framework v3.5
  • Java Phone : MIDP v2.0/CLDC 1.1, must support a minimum JAR file size of 400 KB
  • Windows Desktop (32- & 64-bit) : Windows XP, Windows Vista, Windows 7 or newer
  • Mac : OS X (10.6, 10.7, and 10.8.2 or newer)


Solution

There's a video for this guide. Watch the video here.



There are two parts to this solution:
1) Installing Entrust IdentityGuard Soft Token application
2) Configure the Entrust IdentityGuard Soft Token application for ECS Enterprise account login

 

1. Download the Entrust IdentityGuard App through the mobile app store on your mobile device.

For Windows / Mac Desktop use the following URL: https://www.entrust.com/mobile/info/all-downloads.htm

PLEASE NOTE: You can also access the mobile app using the same link as the Windows Desktop link if the Mobile app store is unavailable.

2. Download and install Entrust IdentityGuard for Mobile or Soft Token application. Select the link that corresponds to your device. The Apple link takes you to the App Store to download the application. The Android, BlackBerry, Java Phone and Windows Mobile links download the application directly to your mobile device without redirecting you to an app store.

User-added image
Note: On Android, during the download, you will be asked whether you want the app to have a permission called "System tools: prevent phone from sleeping". You must allow this permission in order for the app to run as intended

Note: On the BlackBerry, during the download, you may be asked whether you want to grant the app 'Trusted Application Status' or individual permissions. If you are asked to grant Trusted Application Status, answer Yes to allow the app to run as intended. If you are asked for individual permissions, answer Yes to the following permissions:

- Phone
- Internet
- Device Settings
- Media

Once downloaded, Entrust IdentityGuard appears in your list of applications. Entrust IdentityGuard Mobile on Android is displayed below. Other devices have a similar looking icon.

User-added image
 

Part 2 of 2- Configure the Entrust IdentityGuard Soft Token application for ECS Enterprise account login

1. Log into your ECS Enterprise account: https://login.entrust.net/IdentityGuardFederation/authentication/firstFactorAuthentication
User-added image

2. Go to Create > Device > Create Single Device Certificate. You will see a message:
"You did not set your second factor authenticator yet. Please click continue below to obtain the required authenticators." Select Continue.

3. Log in again as prompted and on the next screen select you are prompted to provide your mobile phone number.
Instead, select the option "No, I will choose another option later":

User-added image

4. Set challenge Questions and Answers. Once completed, select "Finish Registration" and proceed. You will see a message:
"You did not set your second factor authenticator yet. Please click continue below to obtain the required authenticators." Select Continue.

5. Log in again as prompted.

6. Answer the Security Question challenge.

7. The page below will load. Select "Request a soft token".

User-added image
8. When prompted "Do you want to get a soft token for second factor authentication?", select Yes.

9. When prompted "Have you downloaded and installed the Entrust IdentityGuard Mobile application onto your mobile device, or the Entrust Desktop Soft Token application", select Yes.

User-added image

10. The following page appears:

User-added image

(a) Open the Entrust IdentityGuard Soft Token application on your mobile device (or from the Start > All Programs > Entrust IdentityGuard Soft Token menu on Windows Desktop). The Add Identity page appears.

(b) Copy the highlighted information from the Self Service application page to the soft token as shown below. The Name field is automatically populated after adding the Address and switching to another field. Once the information has been entered, select Activate on the soft token application.

User-added image

User-added image

(c) Set the PIN that you want to use to protect access to the soft token. Re-enter it to confirm the PIN when asked.

User-added image

(d) The soft token application displays the registration number.

User-added image

(e) Switch back to the Self Service application page and click Next.


11. Copy the registration number from the soft token to the IdentityGuard Self Service page. Click Next.

User-added image

You have successfully activated the soft token.

To test that the soft token has been properly configured, log out of your ECS Enterprise account and log back in. Once back in your account, attempt to perform a secure action such as creating a certificate.

You will be prompted to answer a Challenge. To answer the Challenge, open your soft token (mobile or desktop application), enter your PIN to access the soft token, then enter the corresponding security shown on the soft token into the Challenge answer box:

User-added image
A soft token that has been properly configured will provide an answer to the challenge that allows you to proceed in completing the secure action you have requested to make in your ECS Enterprise account.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation: 
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE:?It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
 

CountryNumber 
Australia0011 - 800-3687-7863
1-800-767-513
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863 
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
0800-4413101
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088

TN8619

Affected Products:

  • Entrust Certificate Services SSL Mgmt Service Account - Non-Pooling Version Not Applicable ALL Platform Not Applicable