Manage Entrust Soft Token

An Entrust Soft Token is an authentication token provided by Entrust Datacard for authentication. When assigned to a user, Instant ID as a Service requires that users who have been assigned this authenticator provide a specific challenge response generated by the Entrust Soft Token application. A user using a mobile device with an Internet connection can also leverage an enhanced Entrust ST feature called "Push Notification." Push Notification automatically prompts the user to authenticate on their mobile device when they authenticate on Instant ID as a Service.

A user can have multiple Entrust Soft Tokens. For example, if a user with multiple mobile devices might want to add an Entrust Soft Token to each one.

Administrators can assign Entrust Soft Tokens to users using the following methods:

  • Automatically assign users an Entrust Soft Token. If the user has an email address, the user receives an email with instructions to activate their Entrust ST tokens. Refer to Manage General Authenticator Settings for information on automatically assigning Entrust Soft Tokens to users.
  • Add an Entrust Soft Token to a user's profile

Users can also add Entrust Soft Tokens to their accounts

Note: Before assigning authenticators to users, review the authenticator settings and change them as required.

Modify Entrust Soft Token Authenticators

  1. Click Main Menu > Administration > Policies > Authenticators. The Authenticators page appears.
  2. Select Entrust Soft Token from the left-side menu. The Entrust Soft Token settings page appears.
  3. Select 6 or 8 as the number of digits in the OTP generated by the token.
  4. (Optional) Select PIN Required if you want users to enter a PIN to access the OTP.
  5. Set the Max. Time Steps to the amount of time (in 30 second intervals) that the token response is valid. The default is 10 (5 minutes).
  6. Set the Max. Reset Time Steps to the amount of time (in 30 second intervals) for a token reset. The default is 120 (60 minutes), which is the allowable time difference between the soft token and the server clocks.

    Note: If the token reset does not work, try increasing the Max. Time Steps and then try to reset the token again. If the problem continues, contact the Entrust Datacard Support Team.

  7. Enter the Activation Password Length to set number of characters that can be included in the password assigned to a user.
  8. Enter the Activation Lifetime to set the amount of time in seconds that a user has to activate their Entrust Soft Token.
  9. Select Allow Unsecure Device to allow the Entrust Soft Token to run on an unsecured device (such as custom ROM Androids or jail-broken iOS devices).
  10. Select Soft Token Facial Recognition Allowed to allow authentication using the mobile Soft Token facial recognition.
  11. Select the activation methods to include in the Entrust Soft Token Activation Email. You must select at least one option.
  12. Select the Enable Mutual Challenge check box to prompt mutual challenge on transactions.
  13. Click Save.

Next you need to assign, add, and activate Entrust Soft Tokens. Refer to the following topics: