Software OATH token

Scenario
This use case describes how to enroll a software-based OATH token using Fortified ID Enrollment.
When you have finished the use case you will have logged in using our online IdP and created an OATH software token associated with that user. Fortified ID Enrollment supports enrollment of multiple authenticator types, including software and hardware OATH tokens, FIDO2/passkeys, and the Fortified ID mobile app.
Fortified ID Enrollment acts as a SAML Service Provider (SP). User authentication is therefore performed by a configured SAML Identity Provider (IdP). The authentication method and policy are fully controlled by the IdP and are enforced before the enrollment process begins.
Notes:
Note 1: When enrolling a software OATH token, the user must authenticate to the Enrollment application prior to enrollment. This LINK provides an example configuration using Active Directory credentials (username/password).
Note 2: This use case does not cover how to configure Fortified ID Access to authenticate users using an OATH token. If that is your objective, refer to this LINK.
Note 3: In this scenario we will use the Fortified ID Online SAML IdP. If you would rather add the Enrollment application to your own SAML IdP instead, follow the instructions in this LINK.
Prerequisite
Fortified ID Enrollment, current version, installed. Click this LINK for install instructions.
Microsoft SQL Server
Microsoft SQL Server or Microsoft SQL Server Express
Microsoft SQL Server Management Studio (SSMS)
Important! Manually create a database called fortifiedid_enrollment. If the fortifiedid_enrollment database exists, the Enrollment service will create all the tables it needs when the service starts.
For this use case we use the sa account. Make sure the sa account has administrative rights to the database.
An OATH token app. Use Microsoft Authenticator, Google Authenticator, Fortified ID mobile, or any compatible mobile app that supports software OATH tokens.
Configuration
Before proceeding we assume that Fortified ID Enrollment and the SQL database are already configured and operational.
Download and add the new /customer folder to Enrollment
Stop the Fortified ID Enrollment service
Rename the current drive:\..\FortifiedID\enrollment\customer folder to \customer_old. The new folder uses an updated configuration style, which is the recommended one.
Download this ZIP containing the new default configuration for Fortified ID Enrollment
Move the new /customer folder in the zip to drive:\..\FortifiedID\enrollment
The content of the ZIP file is a new /customer folder. The customer folder includes preconfigured data to access the Fortified ID online IdP and to write to the SQL database. The sections below describe how to update the configuration to match your environment.
Do not start the Fortified ID Enrollment service
Fortified ID Online IdP
FYI. No configuration is needed in this section. This use case includes the configuration for the Fortified ID Online IdP, so there is no need to connect this use case to your own IdP in order to test enrolling a software OATH token. The IdP metadata is included in a file called saml_idp_meta_data.xml.
The Prerequisite section links to instructions on how to connect the Fortified ID Enrollment SAML SP to your own IdP.
Configure connection to your SQL database
Open globals.json in drive:\..\FortifiedID\enrollment\customer\config\
Update the values to match your environment.
Save and close the file.
FYI. This configuration is referenced from the file drive:\..\FortifiedID\enrollment\customer\config\modules\tokensdb.json.
Do not start the Fortified ID Enrollment service
Enable method oathsw (OATH Software)
Open enrollment.json in ddd
Enable oathsw, see example below.
Save and close the file.
Test the use case
Start Fortified ID Enrollment service
Open a browser on the server
Choose a test user, for example Walter Bishop
Click Start
Add a name and scan the QR-code
Enter a one-time passcode and click Activate