Preparing your Apple device for TOTP

This section is needed only if you are using the IBM® TouchToken for iOS application. In this specific use case, you download the IBM TouchToken for iOS application to your supported Apple device and then connect to the TOTP registration (HTTP) server to create an account.

Before you begin

You must satisfy the following prerequisites:
  • IBM TouchToken for iOS requires Touch ID. To use Touch ID, you must enable a passcode and enroll one or more fingerprints. You should also ensure that your iOS device uses a complex alphanumeric passcode.

    If you do not already have a complex alphanumeric passcode set on your iOS device, use Settings > Touch ID and Passcode > Turn Passcode On (or Change Passcode) > Passcode Options > Custom Alphanumeric Code to set one.

  • TOTP is secured with TLS. Depending on the TLS configuration of the TOTP registration server, your security administrator may instruct you to download and install an additional Root CA certificate to a Configuration Profile on the iOS device. Never do this without explicit guidance from your security administrator. You can then optionally view this profile on the iOS device from the Settings > General > Profile page.

Procedure

Perform the following steps:

  1. Download and install the IBM TouchToken for iOS application from the App Store on your Apple Touch ID device.
  2. Use Mobile Safari or a desktop browser to invoke the URL for the TOTP registration server. Your system administrator will provide you with this URL.
    The page explains some basic information about TOTP, and contains both a QR code and a link that launch the IBM TouchToken for iOS application.
  3. If using a desktop browser, scan the QR code with your iOS device camera. If using Mobile Safari, tap the "Launch URL" link.
    This launches the IBM TouchToken for iOS application and begins registration for a new TOTP account.
  4. Tap "Begin Account Registration."
  5. Enter your RACF® user ID and current RACF password or passphrase. Tap Done.
  6. The Set Token Alias screen includes the user ID and the touch token realm name. For security purposes, enter an alternate alias and click Save. This step is not required, but it is a best practice.
  7. Tap Done on the Account Added screen.
  8. On the TOTP screen, tap the account you just created.
  9. When prompted, enter your Touch ID fingerprint.
  10. The application negotiates with the TOTP registration server and creates an OTP token.
  11. Use this OTP token to log on to the z/OS® system.