Registering and Issuing Vasco Hardware OATH Tokens

When more than one factor is required for accessing resources, you can set up Vasco Hardware OATH tokens and assign them to a Person's account in EmpowerID for use when logging in to EmpowerID.

This topic describes how to register and issue Vasco hardware OATH tokens and is divided into the following activities:

To Import OATH Tokens into EmpowerID

When hardware tokens are purchased from a vendor such as Vasco, the vendor provides the purchaser with an XML file containing information about each token and an encrypted seed key to use.
  1. From the server hosting EmpowerID, log in to the EmpowerID Web application as an administrator.
  2. From the Navigation Sidebar, navigate to the Verbs page by expanding Other and clicking Things To Do.
  3. From the Verbs page, start the ImportOathTokens workflow by clicking the Create > One-Time Password Tokens > Import Hardware Tokens tiles.
  4. In the Import Oath Token form that appears,do the following:
    1. Select Portable Symmetric Key from the Tokens File Format drop-down.
    2. Type the path on your machine where the XML file for the hardware OATH tokens is located in the File Location field.
    3. Type the encryption seed key provided by the hardware token vendor in the Encryption Key field.
    4. Click Submit.

  5. Click OK to close the Tokens imported successfully page.

To Issue a Hardware OATH Token to a Person

  1. From the server hosting EmpowerID, log in to the EmpowerID Web application as an administrator.
  2. From the Navigation Sidebar, navigate to the Verbs page by expanding Other and clicking Things To Do.
  3. From the Verbs page, start the AssignTokenToPerson workflow by clicking the Create > One-Time Password Tokens > Assign Token to Person tiles.
  4. In the Select Person lookup that appears, type the EmpowerID Logon of the person to whom you want to assign the token in Search field and then press ENTER or click the Search button.
  5. From the grid, click the record for the person and then click Submit.
  6. In the Available Oath Tokens page that appears, select the appropriate Vasco hardware token and click Submit.
  7. Click OK to close the Token Assigned Successfully message.

To test the OATH Token

To use multi-factor authentication with the Vasco hardware OATH token, make sure that second factor authentication is required either by setting it in the Advanced tab of the Person account, or by applying a password policy that requires second factor authentication to the Person account.
  1. Log in to the EmpowerID Web application using the credentials of the Person to whom you just assigned the token. Please note that second factor authentication must be set on the person.
  2. On the Enter Security Code screen that appears, type the six-digit security code generated by the Vasco hardware OATH token when you pressed the button on the token and click Verify to continue.
  3. Click Verify to continue.
  4. You should be authenticated and redirected back to the Home page of the EmpowerID Web application.