One of the difficulties in managing a strong authentication system is taking care of the assignment and activations of tokens to users. As well, inventory control of large quantities of hardware tokens can make deployment difficult and costly within an organization. AuthAnvil Two Factor Auth includes a Self Service Portal that eliminates this problem by automating the issuing, self-enrollment and activation of tokens to authorized users. Once a user has been authorized to use the Self Service Portal, they will receive an email with a URL to the site. Included in that email is a one-time activation PIN that will allow a user to assign and activate their token during the enrolment process. This removes the tedious process of having to look for specific individual tokens and manually assign them to users; now you can simply grab any unassigned token and give it to the user.
The AuthAnvil Self Service Portal that users will access is available at: https://Your FQDN)/AuthAnvil/SelfService. It is highly recommended that the site only be used over SSL to help protect the user's PIN.
When new users are created, you have the option to enable Self-Enrollment, and an email will be sent to them with instructions on using the Self Service Portal. Once they successfully enroll, their account will be set as active and no longer will be able to self-enroll again.
The Self service portal allows users to complete the following tasks without any administrator intervention required:
- Enroll their token: When a user receives a self-enrollment email, it contains an serial number (for SoftTokens) and an activation PIN that they can use to enroll their token on this site, activating it and authorizing it for use on this AuthAnvil Two Factor Auth server.
- Test their token: This feature allows a user to do a test authentication against the AuthAnvil Two Factor Auth server, ensuring that their token is in working order and that they have the correct PIN.
- Change their PIN: As long as they know their existing PIN and have a token, a user can change their PIN to a 4 to 8 digit value of their choice.
- Resynchronize their token: If an AuthAnvil Token generates more than 15 one time passwords without authenticating against the AuthAnvil Two Factor Auth server, the token will get out of sync. This feature allows a user to resynchronize their token to get it back into sync with the server.
- Report their token as lost or stolen: If a user loses their token, and they report it here, it will lock the token within the system, ensuring that it cannot be used to log into the system. A new token can then be issued to the user at the administrator's convenience.