AuthControl Mobile MSP iOS

Overview

This article describes functionalities, configuration and behaviour of the AuthControl Mobile Sentry (AMM) application for iOS platform. AMM is an application that works with PIN Online, PIN Offline and PUSH policies and can be provisioned in one single device. Expected behaviors are detailed on the functional procedures section in this article.

Features

Request help

After provisioning the application, users can navigate to the Others info and request administrator help via email or via call.

Logging

Swivel Secure applications have now been implemented with logging which helps both users and administrators to tackle any possible issues with local and/or external integrations.

View settings

After provisioning the application, users can navigate to the Others info and check Show settings for configuration details.

PIN Online feature

PIN Online policy provisions AMM so that the OTC will always be requested by the application and Sentry Core will provide it in real time. User can request Update Codes as many times as desired.

PIN Offline feature

PIN Offline policy provisions AMM so that the 99 OTCs will be stored locally in the application and Sentry Core also has this already calculated and stored. User can navigate the OTCs and if so, the OTC index should also be part of the input for login. User can request Update Codes as many times as desired.

PUSH notification feature

PUSH policy provisions AMM so that users will receive a YES or NO notification in the application to allow (or not) login.

PIN Online + PUSH and PIN Offline + PUSH

AMM accepts a combination of PUSH and PIN policies which will be explained in more details in this document.

OATH + PUSH

AMM accepts a combination of OATH and PUSH policies which will be explained in more details in this document. Taking in consideration that this policy is not the same as OATH policy, users will not be able to provision the same provision code in different devices. This policy is restricted to one device.

Multiple Appliances and/or Users Provisioning

AMM accepts more than 1 appliance provision and different users from the same appliance. This feature allows different users with different roles to be provisioned in the same application.

External Entities

AMM accepts provision for external entities such as Google, Facebook, LinkedIn, etc.

Requirements

  • AuthControl Sentry 4.1.2 or higher
  • The Swivel virtual or hardware appliance must be reachable from the mobile phone to receive security codes
  • Valid certificate on the Swivel server or non SSL, but not a self signed certificate

App Installation and Configuration

The AMM application is available from the Apple App Store. You can click on the link below to open the App within the Apple App Store.

AuthControl Mobile Sentry

alternate text

Downloading the App via the Provision Email

  • When you open the App Provision email a link to the App Store will be presented.
  • Alternatively if you open the App Provision on the device and press Activate, you will see a button ‘Get The App’, which will also take you to the App Store.

Initial Steps

When first downloading and setting up AMM mobile application, you will be asked to grant the AMM app certain permissions. Below you find explanations for why each of these permissions is required by the app.

Camera Permission

alternate text

AMM requires camera access to a user’s mobile for when the provision QR code is sent to the user. The QR code makes the provisioning quicker and smoother.

Biometrics Permission

alternate text

AMM requires biometrics and/or PIN permissions to secure information. The mobile is either corporate or carries corporate information, the phone must have the least security set up.

Notification Permission

alternate text

AMM requires notification permission to work with PUSH notifications and alert users that use this functionality as part of their MFA configuration.

alternate text

In order to have a fast operative and smooth experience with the application, please provide it all requested permissions.

AMM Configuration PIN + PUSH

SSD Server Configuration for PIN + PUSH

This configuration is performed by Swivel Secure team on deployment. Policy for AMM is to be set as PIN + PUSH (if PUSH is required) in the server.

Sentry Policy Configuration

Sentry Policy > Mobile App. Then set tag Mobile App Local Mode to YES and Mobile App OATH Mode to NO.

_images/policyAMM.gif

Group Creation and Messaging Configuration

This configuration is related to the PUSH notification. Please read and follow these instructions carefully in order to have PUSH working properly in your AMM application.

Create a group in Repository > Groups for users that will provision AMM application:

_images/groupAMM.gif

Create a messaging configuration to be used by the group created in the above step. The class name is com.swiveltechnologies.pinsafe.server.transport.PNATransport. Set Destination Attribute to platformandpushid. After finishing with the queue configuration, open the PNA_AMM that is now displayed under the Messaging menu and select AndroidOS App Version and Android key to Version 6 AMM:

_images/queueAMM.gif

Before provisioning ensure all users that will be provisioned with AMM are included in the group created for AMM PUSH notification:

_images/usersAMM.gif

AMM Configuration OATH + PUSH

SSD Server Configuration for OATH + PUSH

This configuration is performed by Swivel Secure team on deployment. Policy for AMM is to be set as OATH + PUSH (if PUSH is required) in the server.

Sentry Policy Configuration

Sentry Policy > Mobile App. Then set tag Mobile App Local Mode to NO and Mobile App OATH Mode to YES.

_images/policyAMMoath.gif

Group Creation and Messaging Configuration

This configuration is related to the PUSH notification. Please read and follow these instructions carefully in order to have PUSH working properly in your AMM application.

Create a group in Repository > Groups for users that will provision AMM application:

_images/groupAMM.gif

Create a messaging configuration to be used by the group created in the above step. The class name is com.swiveltechnologies.pinsafe.server.transport.PNATransport. Set Destination Attribute to platformandpushid. After finishing with the queue configuration, open the PNA_AMM that is now displayed under the Messaging menu and select AndroidOS App Version and Android key to Version 6 AMM:

_images/queueAMM.gif

Before provisioning ensure all users that will be provisioned with AMM are included in the group created for AMM PUSH notification:

_images/usersAMM.gif

AMM Provisioning

Before provisioning it’s assumed that Sentry has the users, repositories, groups, transport and rights properly setup.

The provision process is not different from our previous mobile application versions. When you first open the application you will be taken to a “Let’s add your first provision” screen with the button to scan QR code in the bottom.

After configuration is properly setup go to User Administration, select the desired user to be provisioned and press button App Provision.

An email with the provision code will arrive to the user’s e-mail. AMM application will provision only one device with the provision code. If a new provision code is requested, previous provision code will be erased and the device with the old provision should be deprovisioned by the user. Requesting new provisioning while the old provision is in place, will affect current provisioned devices and it won’t work anymore. Proceed with a new provisioning process if applicable.

Steps:

  • QR Code will launch a camera and your Apple device will ask you to grant permissions for the Swivel application to use the Camera.
alternate text

Below an example of multiple provisions within the app.

alternate text
  • If the user clicks on the Manual Configuration they are taken to the Manual Configuration Screen.
_images/manualprovisionmail.gif alternate text

Your AMM is now provisioned and ready for usage.

Additional Information

In addition, users can edit and customise the name of the different appliances provisioned on AMM. This feature allows users to find the needed OTC faster. Below a video with an example changing the appliance name tag.

alternate text