Authorization code authentication
An authorization code is a system-generated code that is used as an authentication factor for specific scenarios. There are two types of authorization codes: online authorization code and offline authorization code.
- Issue authorization codes through AccessAdmin. If the self-service authorization code feature is deployed, the user can request an authorization code through a mobile phone (SMS).
- Revoke the last-issued authorization code through AccessAdmin. Revocation prevents the user from reusing that authorization code.
Online authorization code
Use this code if AccessAgent can connect to the IMS Server. The user can use the code several times until the code expires. The minimum code expiry is one day.
The online authorization code is used for:
- Online password reset
AccessAgent asks the user for an authorization code and a secret.
- Registration of authentication factor
AccessAgent asks for the authorization code and password for the registration of the second authentication factor device of a particular kind.
- Temporary bypass of authentication factor
An authorization code is required as a temporary replacement when the user forgets or loses the authentication factor or the device reader is not working or is missing.
A temporary password-only lock is created for the Wallet on the computer. This temporary password-only lock expires when the authorization code expires. As such, the user can log on to the Wallet by just providing the user name and password until the authorization code expires.
- Configure the length of the authorization code.
The code has a default of 12 characters and can have a maximum of 32 characters. Use the character set: 0123456789ABCDEF for an online authorization code. The code is not case sensitive and any hyphens entered are ignored.
- Configure the validity period.
The available options are a minimum of one day and a maximum of 31 days. One month is the period from the issue date to the same day of the next month. The exact number of days depends on the month of issue. For example: From August 26, 2012, 3 p.m. to September 26, 2012, 3 p.m.
Offline authorization code
Use this code if AccessAgent cannot connect to the IMS Server. The user can use the offline authorization code once because the code is issued based on the request code that is displayed on AccessAgent.
The user must have a cached Wallet to use an offline authorization code.
The offline authorization code is used for:
- Temporary password reset
AccessAgent asks the user for an authorization code and a secret.
- Temporary bypass of authentication factor
For example, the user lost the strong authentication factor and cannot log on to AccessAgent because the Wallet authentication policy requires the strong authentication factor. If the user clicks but I do not have, AccessAgent asks for an authorization code as a temporary replacement for the second factor.
A temporary password-only lock is created for the Wallet on the computer. This temporary password-only lock expires when the authorization code expires. As such, the user can log on to the Wallet by just providing the user name and password until the authorization code expires.
Offline authorization codes are 16 characters long. Request codes are eight characters long and the codes change every minute.
The default character set for both the request code and authorization code is Z3467ACEFHJKRWXY. The code is not case sensitive and any hyphens entered are ignored.
- Configure the validity period through AccessAdmin.
The available options are at least one day and a maximum of 31 days. One month is the period from the issue date to the same day of the next month. The exact number of days depends on the month of issue. For example: From August 26, 2011, 3 p.m. to September 26, 2011, 3 p.m.
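The code formats and validity rules described in both sections above can be checked before a typed code is compared or logged. The following Python sketch is an added example, not product code: the function names are hypothetical, the minimum online length of 1 is an assumption, and the clamping of "one month" when the next month is shorter is an assumption the page does not cover.

```python
import calendar
import math
from datetime import datetime, timedelta

# Values from the page: alphabet and length for each kind of code.
FORMATS = {
    "online":  ("0123456789ABCDEF", 12),   # 12 is the default; configurable up to 32
    "offline": ("Z3467ACEFHJKRWXY", 16),
    "request": ("Z3467ACEFHJKRWXY", 8),
}
ONLINE_MAX_LEN = 32

def normalize(raw: str) -> str:
    """Codes are not case sensitive and any hyphens entered are ignored."""
    return raw.replace("-", "").upper()

def check_code(raw: str, kind: str, online_len: int = 12):
    """Return (normalized_code, None) if well formed, else (None, reason)."""
    alphabet, length = FORMATS[kind]
    if kind == "online":
        if not 1 <= online_len <= ONLINE_MAX_LEN:   # lower bound is an assumption
            return None, "configured length out of range"
        length = online_len
    code = normalize(raw)
    if len(code) != length:
        return None, f"expected {length} characters, got {len(code)}"
    bad = sorted(set(code) - set(alphabet))
    if bad:
        return None, "characters outside the alphabet: " + "".join(bad)
    return code, None

def search_space_bits(kind: str, online_len: int = 12) -> float:
    """Size of the code space in bits: length * log2(alphabet size)."""
    alphabet, length = FORMATS[kind]
    if kind == "online":
        length = online_len
    return length * math.log2(len(alphabet))

def expiry(issued: datetime, days=None) -> datetime:
    """days=1..31, or None for 'one month' (same day of the next month)."""
    if days is not None:
        if not 1 <= days <= 31:
            raise ValueError("validity must be 1 to 31 days")
        return issued + timedelta(days=days)
    year, month = (issued.year + 1, 1) if issued.month == 12 else (issued.year, issued.month + 1)
    # Assumption: clamp when the next month is shorter (Jan 31 -> Feb 28/29).
    day = min(issued.day, calendar.monthrange(year, month)[1])
    return issued.replace(year=year, month=month, day=day)
```

Both alphabets have 16 symbols, so each character contributes 4 bits: 48 bits for a default-length online code, 64 bits for an offline code, and 32 bits for a request code.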