Software and Hardware OTP Support

The One Time Passcode (OTP) authentication module implements two-factor authentication (2FA) and multi-factor authentication (MFA) for users logging in to the BlockID Admin Console application. It provides a higher level of security than the traditional authentication method, i.e. a username and password alone. With two-factor authentication, the user enters a username and password as the first factor and an OTP as the second factor.

OTPs are unique security tokens valid only for a single login session within a defined time. The OTP authentication module supports two kinds of security tokens that generate OTPs: software OTP tokens and hardware OTP tokens. Software tokens are software applications that generate OTPs and send them to end-users. Hardware tokens take the form of a key fob that users carry with them.

In the OTP authentication module, the OTP gets generated on the authentication server and on the hardware or software token that the user possesses. If the OTP generated by the user’s token matches the OTP generated by the authentication server, the authentication will be successful and the user will be able to access the application.

List of Topics:

  1. Software OTP Support
  2. Hardware OTP Support
  3. Implementing OTP Authentication within the BlockID Admin Console

Perform the following steps to configure these two OTP token options provided within the OTP authentication module:

  1. Log in to the BlockID Admin Console and navigate to Administration Console > Auth Configuration > Authentication Modules.
  2. From the All Authentication Modules section, click on the Add this Module icon for the One Time Passcode module. The One Time Passcode module will be visible within the Enabled Authentication Modules section.
  3. Click on the Edit & Configure this Module icon for the enabled One Time Passcode module. The One Time Passcode window is displayed with the software and hardware OTP token configurations.

Software OTP Support

The software OTP options include Email OTP Delivery Configuration, SMS OTP Delivery Configuration, and passcodes generated within the BlockID mobile application for a user.

Email OTP Delivery Configuration

  1. In the Email OTP Delivery Configuration section, enter the following details to enable the Email OTP authentication option:
    • Protocol: Select the appropriate protocol type.
    • Auth: Select the TRUE or FALSE option.
      Tip: This will be configured by the client. This field will be dependent on the host that the client uses and whether it requires authentication. If it requires authentication, the username and password fields for authentication will be provided below.

    • Host: Enter the host URL <Protocol>.<Domain>.com from where the emails will be sent to authenticate users. For example, smtp.socketlabs.com.
    • Port: Select the desired port option from where the BlockID Admin Console will communicate with the host.
    • From Email Address: Enter the email address from which the email OTP will be sent to users.
      Note: This will be a prior SMTP configuration and may vary for each community.

    • Username: Enter the username of the email host server account.
    • Password: Enter the password of the email host server account.
    • Time Skew (in Seconds): Enter the time in seconds for which an email OTP remains valid before expiration. The default time is 30 seconds. The maximum time is 600 seconds.

SMS OTP Delivery Configuration

In the SMS OTP Delivery Configuration section, enter the following details to enable the SMS OTP authentication option:

  1. Account SID: Enter the account security identifier (SID) of your SMS sender service that will act as a username.
  2. Auth Token: Enter the authentication token of your SMS sender service that will act as a password.
  3. Phone Number: Enter the sender’s phone number from which the SMS OTPs will be sent to the end-users.

Hardware OTP Support

The Hardware OTP settings include the Hardware Token Configuration section.

Hardware Token Configuration

In the Hardware Token Configuration section, enter the following details to enable the Hardware OTP authentication option:

  • Domain: Enter the domain URL that is managing the hardware authentication.
    Note: Admin access is granted to the community admin on the OneSpan server. The community admin can add, remove, or bulk load tokens to a user account that is created on the OneSpan server for the user(s). In the future, the OneSpan function will be embedded into BlockID.

After adding the required OTP configuration within the One Time Passcode window, click Save.

Implementing OTP Authentication within the BlockID Admin Console

Configure One Time Passcode module within the Authentication Scheme:

  1. Log in to the BlockID Admin Console and navigate to Administration Console > Auth Configuration > Authentication Scheme.
  2. Add a new authentication scheme or click Edit for the desired authentication scheme from the list.
  3. In the Add Authentication Modules section:
    • Select Modules: select otp.
    • Select Criteria: select required.
    • Click Save. The OTP module will be listed in the Enabled Authentication Modules in This Scheme list.

Login using OTP Authentication scheme:

  1. To use the OTP authentication scheme for user authentication, enter that authentication scheme name at the end of the application’s login URL in the following format: https://<Your BlockID Admin Console URL>/default/login?service=<OTP Auth Scheme name>.
  2. Enter the username and password details or click Login using BlockID. The Receive OTP Via screen displays with Email, SMS, Hardware OTP, and Already Have OTP options.
  3. Click Email: The email containing OTP will be sent to the user’s email address. OR
  4. Click SMS: The message containing OTP will be sent to the user’s phone number. OR
  5. Click Hardware OTP: Enter the serial number available on your hardware token. OR
  6. Click Already Have OTP:
    • Enter the passcode that is continuously generated in the user’s BlockID mobile application. OR
    • Enter the passcode that is continuously generated within the OTP application on the user’s Windows desktop.
  7. Click Login. If the OTP generated by the selected token matches the OTP generated by the authentication server, the authentication is successful, and the user is granted access to the BlockID Admin Console.