Summary
Guide for how to configure a soft token for second factor authentication for ECS Enterprise account.
How to configure a soft token for second factor authentication (2FA) to ECS Enterprise account
(Jump to solution)
If you decide to use soft tokens for authentication to the Entrust Certificate Management Service (CMS), you must install the Entrust IdentityGuard Soft Token application. Supported platforms include the following:
- I/OS (iPhone, iPad, iPod Touch) : iOS 3.0 or newer
- BlackBerry : Blackberry OS 4.2.1, 4.5.x, 4.6.x, 5.0.x, 6.0.x, 7.0.x, 7.1.x
- Android : version 1.6 or newer
- Windows Mobile : Windows Mobile OS 6.0, 6.1, 6.5.x with .NET compact Framework v3.5
- Java Phone : MIDP v2.0/CLDC 1.1, must support a minimum JAR file size of 400 KB
- Windows Desktop (32- & 64-bit) : Windows XP, Windows Vista, Windows 7 or newer
- Mac : OS X (10.6, 10.7, and 10.8.2 or newer)
There's a video for this guide. Watch the video here.
There are two parts to this solution:
1) Installing Entrust IdentityGuard Soft Token application
2) Configure the Entrust IdentityGuard Soft Token application for ECS Enterprise account login
Part 1 of 2 - Installing Entrust IdentityGuard Soft Token application
1. Download the Entrust IdentityGuard App through the mobile app store on your mobile device.
For Windows / Mac Desktop use the following URL:
https://www.entrust.com/mobile/info/all-downloads.htm
PLEASE NOTE:
You can also access the mobile app using the same link as the Windows Desktop link if the Mobile app store is unavailable.
2. Download and install Entrust IdentityGuard for Mobile or Soft Token application. Select the link that corresponds to your device. The
Apple
link takes you to the App Store to download the application. The
Android
,
BlackBerry, Java Phone
and
Windows Mobile
links download the application directly to your mobile device without redirecting you to an app store.
Note
: On Android, during the download, you will be asked whether you want the app to have a permission called "System tools: prevent phone from sleeping". You must allow this permission in order for the app to run as intended
Note
: On the BlackBerry, during the download, you may be asked whether you want to grant the app 'Trusted Application Status' or individual permissions. If you are asked to grant Trusted Application Status, answer Yes to allow the app to run as intended. If you are asked for individual permissions, answer Yes to the following permissions:
- Phone
- Internet
- Device Settings
- Media
Once downloaded, Entrust IdentityGuard appears in your list of applications. Entrust IdentityGuard Mobile on Android is displayed below. Other devices have a similar looking icon.
Part 2 of 2- Configure the Entrust IdentityGuard Soft Token application for ECS Enterprise account login
1. Log into your ECS Enterprise account:
https://login.entrust.net/IdentityGuardFederation/authentication/firstFactorAuthentication
2. Go to
Create > Device > Create Single Device Certificate
. You will see a message:
"You did not set your second factor authenticator yet. Please click continue below to obtain the required authenticators."
Select Continue.
3. Log in again as prompted and on the next screen select you are prompted to provide your mobile phone number.
Instead, select the option
"No, I will choose another option later
":
4. Set challenge Questions and Answers. Once completed, select
"Finish Registration"
and proceed. You will see a message:
"You did not set your second factor authenticator yet. Please click continue below to obtain the required authenticators."
Select Continue.
5. Log in again as prompted.
6. Answer the Security Question challenge.
7. The page below will load. Select
"Request a soft token"
.
8. When prompted
"Do you want to get a soft token for second factor authentication?"
, select Yes.
9. When prompted
"Have you downloaded and installed the Entrust IdentityGuard Mobile application onto your mobile device, or the Entrust Desktop Soft Token application"
, select Yes.
10. The following page appears:
(a) Open the Entrust IdentityGuard Soft Token application on your mobile device (or from the Start > All Programs > Entrust IdentityGuard Soft Token menu on Windows Desktop). The Add Identity page appears.
(b) Copy the highlighted information from the Self Service application page to the soft token as shown below. The Name field is automatically populated after adding the Address and switching to another field. Once the information has been entered, select Activate on the soft token application.
(c) Set the PIN that you want to use to protect access to the soft token. Re-enter it to confirm the PIN when asked.
(d) The soft token application displays the registration number.
(e) Switch back to the Self Service application page and click Next .
11. Copy the registration number from the soft token to the IdentityGuard Self Service page. Click
Next
.
You have successfully activated the soft token.
To test that the soft token has been properly configured
, log out of your ECS Enterprise account and log back in. Once back in your account, attempt to perform a secure action such as creating a certificate.
You will be prompted to answer a Challenge. To answer the Challenge, open your soft token (mobile or desktop application), enter your PIN to access the soft token, then enter the corresponding security shown on the soft token into the Challenge answer box:
A soft token that has been properly configured will provide an answer to the challenge that allows you to proceed in completing the secure action you have requested to make in your ECS Enterprise account.
If you have any questions or concerns please contact the
Entrust Certificate Services Support
department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE:
It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
Country | Number |
Australia |
0011 - 800-3687-7863
1-800-767-513 |
Austria | 00 - 800-3687-7863 |
Belgium | 00 - 800-3687-7863 |
Denmark | 00 - 800-3687-7863 |
Finland |
990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet) |
France | 00 - 800-3687-7863 |
Germany | 00 - 800-3687-7863 |
Hong Kong |
001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax) |
Ireland | 00 - 800-3687-7863 |
Israel | 014 - 800-3687-7863 |
Italy | 00 - 800-3687-7863 |
Japan |
001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ) 0061 - 800-3687-7863 (IDC) |
Korea |
001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom) |
Malaysia | 00 - 800-3687-7863 |
Netherlands | 00 - 800-3687-7863 |
New Zealand |
00 - 800-3687-7863
0800-4413101 |
Norway | 00 - 800-3687-7863 |
Singapore | 001 - 800-3687-7863 |
Spain | 00 - 800-3687-7863 |
Sweden |
00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2) |
Switzerland | 00 - 800-3687-7863 |
Taiwan | 00 - 800-3687-7863 |
United Kingdom |
00 - 800-3687-7863
0800 121 6078 +44 (0) 118 953 3088 |