Entrust Certificate Services Support Knowledge Base

Audience: General
Last Modified: 2012-12-19 15:00:27.0

TN 8619 - How do I configure a soft token for second factor authentication to Entrust CMS?

Question:

How do I configure a soft token for second factor authentication to Entrust CMS?

Answer:

If you decide to use soft tokens for authentication to the Entrust Certificate Management Service (CMS), you must install the Entrust IdentityGuard Soft Token application. Supported platforms include the following:

  • I/OS (iPhone, iPad, iPod Touch) : iOS 3.0 or greater
  • BlackBerry : Blackberry OS 4.2.1, 4.5.x, 4.6.x, 5.0.x, 6.0.x, 7.0.x, 7.1.x
  • Android : version 1.6 or greater
  • Windows Mobile : Windows Mobile OS 6.0, 6.1, 6.5.x with .NET compact Framework v3.5
  • Java Phone : MIDP v2.0/CLDC 1.1, must support a minimum JAR file size of 400 KB
  • Windows Desktop (32- & 64-bit) : Windows XP, Windows Vista, Windows 7
  • Mac : OS X (10.6, 10.7, and 10.8.2 or newer)


Part 1 - Installing Entrust IdentityGuard Soft Token application

1. Download the Entrust IdentityGuard App through the mobile app store on your mobile device.

For Windows / Mac Desktop use the following URL: http://www.entrust.com/mobile/info/download.php

PLEASE NOTE: You can also access the mobile app using the same link as the Windows Desktop link if the Mobile app store is unavailable.


2. Download and install Entrust IdentityGuard for Mobile or Soft Token application. Select the link that corresponds to your device. The Apple link takes you to the App Store to download the application. The Android, BlackBerry, Java Phone and Windows Mobile links download the application directly to your mobile device without redirecting you to an app store.


Note: On Android, during the download, you will be asked whether you want the app to have a permission called "System tools: prevent phone from sleeping". You must allow this permission in order for the app to run as intended

Note: On the BlackBerry, during the download, you may be asked whether you want to grant the app 'Trusted Application Status' or individual permissions. If you are asked to grant Trusted Application Status, answer Yes to allow the app to run as intended. If you are asked for individual permissions, answer Yes to the following permissions:

- Phone
- Internet
- Device Settings
- Media


Once downloaded, Entrust IdentityGuard appears in your list of applications. Entrust IdentityGuard Mobile on the iPhone is displayed below. Other devices have a similar looking icon.




Part 2 - Configure the Entrust IdentityGuard Soft Token application for CMS login

1. Access the Entrust IdentityGuard Self Service application at the following link: https://enroll.entrust.net/IdentityGuardSelfService

2. Login using your CMS User Name and Password.




3. Answer the challenge questions.




4. Click on the option I'd like to request a soft token.




5. Confirm you wish to get a soft token by clicking Yes.




6. Confirm you have installed the Entrust IdentityGuard Soft Token application on your mobile device or desktop as described in Part 1 of this technote by clicking Yes.




7. After confirming that you have installed Entrust IdentityGuard Mobile or Soft Token, the following page appears.



(a) Open the Entrust IdentityGuard Soft Token application on your mobile device (or from the Start > All Programs > Entrust IdentityGuard Soft Token menu on Windows Desktop). The Add Identity page appears.




(b) Copy the highlighted information from the Self Service application page to the soft token as shown below. The Name field is automatically populated after adding the Address and switching to another field. Once the information has been entered, select Save on the soft token application.



(c) Set the PIN that you want to use to protect access to the soft token. Re-enter it to confirm the PIN when asked.




(d) The soft token application displays the registration number.




(e) Switch back to the Self Service application page and click Next.


8. Copy the registration number from the soft token to the IdentityGuard Self Service page. Click Next.




9. The IdentityGuard Self Service application displays other self service option. The soft token is ready for use. To test the soft token, click the option Log into Certificate Management Service.




10. On the CMS login page, enter your Username and Password and click Login.




11. The CMS soft token challenge is presented.


(a) Open the Entrust IdentityGuard Soft Token application. The graphic below shows Entrust IdentityGuard Mobile for the iPhone. A similar icon appears on other device types.




(b) Enter the PIN from step 7(c) above to access the application.



(c) A security code screen appears. Enter the code into the Security Code field in the CMS login page and click Submit.




12. The Management Dashboard should appear indicating successful login to the CMS portal.





Affected Products:

  • Entrust Certificate Services SSL Mgmt Service Account - Non-Pooling Version Not Applicable ALL Platform Not Applicable