VASCO Hardware OATH Tokens

When more than one factor is required for accessing resources, you can set up VASCO Hardware OATH tokens and assign them to a Person's account in EmpowerID for use when logging into EmpowerID.

When hardware tokens are purchased from a vendor such as VASCO, the vendor provides the purchaser with an XML file containing information about each token and an encrypted seed key to use.

Import OATH Tokens into EmpowerID

  1. On the navbar, expand Admin > Miscellaneous and click Things To Do.
    This opens the Verbs page, which contains tiles related to things you can do in the Web interface.



  2. Click the Create tile and then click One-Time Password Tokens > Import Hardware Tokens.

     

    This starts the ImportOathTokens workflow and opens the Import Oath Token form.

     

  3. Enter the following information in the form and then click Submit.

    • Tokens File Format – elect Portable Symmetric Key

    • File Location – Enter the local path to the XML file for the hardware OATH tokens

    • Encryption Key – Enter the encryption seed key provided by the hardware token vendor

  4. Click OK to close the Tokens imported successfully page.

Issue OATH Token to a Person

  1. On the navbar, expand Admin > Miscellaneous and click Things To Do.

  2. Click the Create tile and then click One-Time Password Tokens > Assign Token to Person.

     

  3. In the Select Person lookup that appears, enter the EmpowerID Logon of the person to whom you want to assign the token in the Search field and press ENTER or click the Search button.

  4. Click the record for the person to select it and then click Submit.

     

  5. In the Available Oath Tokens page that appears, select a VASCO hardware token and click Submit.

  6. Click OK to close the Token Assigned Successfully message.

Test the OATH Token

To use multi-factor authentication with the VASCO hardware OATH token, second factor authentication must be required. Set it in the Advanced tab of the Person account, or apply a password policy that requires second factor authentication to the Person account.

  1. Log into the Web portal using the credentials of the person to whom you just assigned the token. 

  2. On the Enter Security Code screen that appears, type the six-digit security code generated by the VASCO hardware OATH token when you pressed the button on the token.

  3. Click Verify to continue.

  4. You are authenticated and redirected back to the home page of the Web application.

IN THIS ARTICLE