Scribd
Upload
337 views61 pages

Gemalto MobilePASS - Plus - iOS - 1.3 - User - Guide - RevA PDF

Uploaded by

Burkay Etiler
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
337 views61 pages

Gemalto MobilePASS - Plus - iOS - 1.3 - User - Guide - RevA PDF

Uploaded by

Burkay Etiler
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 61

SafeNet MobilePASS+ for iOS

User Guide
All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or
its subsidiaries who shall have and keep the sole right to file patent applications or any other kind of intellectual
property protection in connection with such information.
Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise, under
any intellectual and/or industrial property rights of or concerning any of Gemalto’s information.
This document can be used for informational, non-commercial, internal and personal use only provided that:
 The copyright notice below, the confidentiality and proprietary legend and this full warning notice appear
in all copies.
 This document shall not be posted on any network computer or broadcast in any media and no
modification of any part of this document shall be made.
Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities.
The information contained in this document is provided “AS IS” without any warranty of any kind. Unless
otherwise expressly agreed in writing, Gemalto makes no warranty as to the value or accuracy of information
contained herein.
The document could include technical inaccuracies or typographical errors. Changes are periodically added to
the information herein. Furthermore, Gemalto reserves the right to make any change or improvement in the
specifications data, information, and the like described herein, at any time.
Gemalto hereby disclaims all warranties and conditions with regard to the information contained herein,
including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In
no event shall Gemalto be liable, whether in contract, tort or otherwise, for any indirect, special or consequential
damages or any damages whatsoever including but not limited to damages resulting from loss of use, data,
profits, revenues, or customers, arising out of or in connection with the use or performance of information
contained in this document.
Gemalto does not and shall not warrant that this product will be resistant to all possible attacks and shall not
incur, and disclaims, any liability in this respect. Even if each product is compliant with current security
standards in force on the date of their design, security mechanisms' resistance necessarily evolves according to
the state of the art in security and notably under the emergence of new attacks. Under no circumstances, shall
Gemalto be held liable for any third party actions and in particular in case of any successful attack against
systems or equipment incorporating Gemalto products. Gemalto disclaims any liability with respect to security
for direct, indirect, incidental or consequential damages that result from any use of its products. It is further
stressed that independent testing and verification by the person using the product is particularly encouraged,
especially in any application in which defective, incorrect or insecure functioning could result in damage to
persons or property, denial of service or loss of privacy.
© 2017 Gemalto. All rights reserved. Gemalto and the Gemalto logo are trademarks and service marks of
Gemalto N.V. and/or its subsidiaries and are registered in certain countries. All other trademarks and service
marks, whether registered or not in specific countries, are the property of their respective owners.

Product Version: 1.3


Document Part Number: 007-013372-003, Rev. A
Release Date: 16 January 2017

SafeNet MobilePASS+ for iOS 1.3: User Guide 2


Document PN: 007-013372-003, Rev. A
Contents
1 Preface ............................................................................................................................. 5
Difference between SafeNet MobilePASS+ App and Token .......................................................................... 5
SafeNet MobilePASS+ App ...................................................................................................................... 5
SafeNet MobilePASS+ Token .................................................................................................................. 5
Who Should Read this Document................................................................................................................... 5
Support Contacts ............................................................................................................................................ 6

2 Installing the SafeNet MobilePASS+ App ......................................................................... 7


Supported Platforms ....................................................................................................................................... 7
Downloading the SafeNet MobilePASS+ Application ..................................................................................... 7

3 Enrolling SafeNet MobilePASS+ Token ........................................................................... 8


Methods to Enroll a SafeNet MobilePASS+ Token ......................................................................................... 8
Automatic Enrollment ...................................................................................................................................... 9
Enrolling by Scanning QR Code ................................................................................................................... 15
Enrolling by Copying and Pasting the Activation String................................................................................ 23
Creating a New Token .................................................................................................................................. 30

4 Authenticating with Touch ID ......................................................................................... 31


Activating and Deactivating Touch ID ........................................................................................................... 31
Logging onto a Token with Touch ID ............................................................................................................ 32

5 Generating Passcodes ................................................................................................... 33


Generating a Passcode with Time-based Tokens ........................................................................................ 34
Generating a Passcode with Event-based Tokens....................................................................................... 34
Generating Passcodes with Challenge-Response Tokens .......................................................................... 35

6 Using Push OTP ............................................................................................................ 37


Introduction to Push OTP ............................................................................................................................. 37
Activating and Deactivating Push OTP ......................................................................................................... 38
Logging in with Push OTP ............................................................................................................................ 39

7 Changing a Token PIN ................................................................................................... 44


Changing a Token PIN .................................................................................................................................. 44

8 Renaming and Deleting a Token .................................................................................... 46


Renaming a Token........................................................................................................................................ 46
Deleting a Token ........................................................................................................................................... 48

9 Viewing Token, App, and Log Information ..................................................................... 49


Viewing Token Information............................................................................................................................ 49
Viewing SafeNet MobilePASS+ App Information .............................................................................................. 50

SafeNet MobilePASS+ for iOS 1.3: User Guide 3


Document PN: 007-013372-003, Rev. A
Viewing Event Log ........................................................................................................................................ 52
Viewing Help Topics ..................................................................................................................................... 54

10 Frequently Asked Questions .......................................................................................... 56


What is a SafeNet MobilePASS+ Token?...................................................................................................... 56
How does SafeNet MobilePASS+ protect me? ............................................................................................... 56
How do I generate a passcode on my mobile device? ................................................................................. 56
How do I get started with SafeNet MobilePASS+? ...................................................................................... 57
I have not received an enrollment email, what should I do? ......................................................................... 57
For how long will my token continue to operate? .......................................................................................... 57
What is self-enrollment? ............................................................................................................................... 57
What are the benefits of using the token? ................................................................................................... 57
How do I protect my security PIN?................................................................................................................ 57
What should I do if I cannot log in using my token? ...................................................................................... 57
What is Push OTP? ...................................................................................................................................... 58
How do I use Push OTP? ............................................................................................................................. 58

11 Terminology ................................................................................................................... 59

12 References ..................................................................................................................... 61
Related Documents ...................................................................................................................................... 61
SafeNet MobilePASS+ ........................................................................................................................... 61
SafeNet Authentication Service (SAS) ................................................................................................... 61

SafeNet MobilePASS+ for iOS 1.3: User Guide 4


Document PN: 007-013372-003, Rev. A
Preface

SafeNet MobilePASS+ is a mobile client application that enables you to access corporate and web-based
resources securely. It eliminates the need to remember complex passwords. SafeNet MobilePASS+ is a cost-
effective way for businesses to leverage the security of One Time Passwords (OTP) using mobile phones.
Associated with SafeNet Authentication Service- Cloud Edition, the SafeNet MobilePASS+ application is a
perfect combination of security and convenience. It offers a simple user experience for token activation and
authentication using the Push OTP mechanism.

NOTE: SafeNet MobilePASS+ can generate passcodes independently of mobile


network connectivity.

Difference between SafeNet MobilePASS+ App and Token


The SafeNet MobilePASS+ solution includes both the SafeNet MobilePASS+ app and SafeNet MobilePASS+
tokens. The following description clarifies the terms.

SafeNet MobilePASS+ App


The SafeNet MobilePASS+ app is an application that turns your mobile phone into a two-factor authentication
device, removing the need to carry an additional hardware token.
As a SafeNet MobilePASS+ user, you can generate passcodes on your mobile device, and use those
passcodes to authenticate to protected corporate and web-based applications.

SafeNet MobilePASS+ Token


A SafeNet MobilePASS+ token is related to an account and its associated parameters, such as name, user PIN,
enrolled keys, and PIN policy. Each SafeNet MobilePASS+ app can manage multiple SafeNet MobilePASS+
tokens. For example, a user may require several tokens, each one related to a different web service.

Who Should Read this Document


This document is intended for end-users who will be using the SafeNet MobilePASS+ app. This document
provides information on how to install and run the SafeNet MobilePASS+ token.

SafeNet MobilePASS+ for iOS 1.3: User Guide 5


Document PN: 007-013372-003, Rev. A
Support Contacts
If you encounter a problem while installing, registering, or operating this product, please make sure that you
have read the documentation. If you cannot resolve the issue, contact your supplier or Gemalto Customer
Support. Gemalto Customer Support operates 24 hours a day, 7 days a week. Your level of access to this
service is governed by the support plan arrangements made between Gemalto and your organization. Please
consult this support plan for further information about your entitlements, including the hours when telephone
support is available to you.

Contact Method Contact Information

Address Gemalto
4690 Millennium Drive
Belcamp, Maryland 21017, USA

Phone US 1-800-545-6608

International 1-410-931-7520

Technical Support https://serviceportal.safenet-inc.com


Customer Portal Existing customers with a Technical Support Customer Portal account can log in to
manage incidents, get the latest software upgrades, and access the Gemalto Knowledge
Base.

SafeNet MobilePASS+ for iOS 1.3: User Guide 6


Document PN: 007-013372-003, Rev. A
Installing the SafeNet MobilePASS+ App

Supported Platforms
SafeNet MobilePASS+ for iOS runs iOS versions 8, 9 and 10.

Downloading the SafeNet MobilePASS+ Application


Download and install SafeNet MobilePASS+ from Apple App Store.
Once installed, the SafeNet MobilePASS+ application icon will be visible on your device:

SafeNet MobilePASS+ for iOS 1.3: User Guide 7


Document PN: 007-013372-003, Rev. A
Enrolling SafeNet MobilePASS+ Token

Methods to Enroll a SafeNet MobilePASS+ Token


Before you can use SafeNet MobilePASS+ to generate passcodes, you must enroll a SafeNet MobilePASS+
token on your device.

NOTE: Additional SafeNet MobilePASS+ tokens can be added later (see “


Creating a New Token” on page 30).

You can enroll your SafeNet MobilePASS+ token using one of the following methods:
 Automatic Enrollment – Automatically copy and paste the activation code into the Auto Enrollment
window by clicking the Enroll your SafeNet MobilePASS+ token link on the notification email.
 QR Code Enrollment – Scan a QR Code to enroll your SafeNet MobilePASS+ token. This is
recommended when you cannot receive email or open self-enrollment from the target device.
 Copy and Paste Activation String into the Automatic Enrollment Window - This is recommended
when you have difficulties with Automatic Enrollment. For example, if the registration link in the device
does not work or the browser in use does not support opening an external application.

SafeNet MobilePASS+ for iOS 1.3: User Guide 8


Document PN: 007-013372-003, Rev. A
Automatic Enrollment
After your system administrator assigns you a token, you will receive a notification email.
To enroll SafeNet MobilePASS+ token automatically:
1. Tap the https:// link in the email.

The SafeNet Authentication Service Self-Enrollment webpage opens.


2. Click Enroll your SafeNet MobilePASS+ token.

SafeNet MobilePASS+ for iOS 1.3: User Guide 9


Document PN: 007-013372-003, Rev. A
3. If prompted to open in MobilePASS+ tap Open.

4. If the Push Notification screen is displayed, to enable autosend passcodes tap OK, else tap No Thanks.

SafeNet MobilePASS+ for iOS 1.3: User Guide 10


Document PN: 007-013372-003, Rev. A
If you selected OK in the Push Notification screen, a message “SafeNet MobilePASS+” Would Like to
Send You Notifications message is displayed.
5. To enable Push Notifications tap OK, else tap Don’t Allow.

NOTE: The message “App Name” Would Like to Send You Notifications is
presented for all iOS apps that use notifications. It enables you to activate the
app’s notification function. This screen is presented only once per app.

NOTE: Your token can be configured by your system administrator to work with
Token PIN, Server PIN, or no PIN.
If configured for no PIN, you will not be prompted to enter a PIN.

6. If your token is PIN protected, do one of the following:


a. If your token is token PIN protected, the TOKEN PIN window opens. Enter a PIN in the Token PIN field
and enter again in the Confirm Token PIN field, and tap SUBMIT.

NOTE: The type and number of characters required for the PIN is displayed on the
screen above the Submit button.

SafeNet MobilePASS+ for iOS 1.3: User Guide 11


Document PN: 007-013372-003, Rev. A
b. If your token is server-side PIN protected, the SERVER PIN window opens. Enter a PIN in the Server
PIN field and enter again in the Confirm Token PIN field, and tap SUBMIT.

NOTE: The type and number of characters required for the PIN is displayed on the
screen above the Submit button.

SafeNet MobilePASS+ for iOS 1.3: User Guide 12


Document PN: 007-013372-003, Rev. A
7. In the Access Token with Touch ID screen, click Enable to activate Touch ID, or else click Skip.

NOTE: The Access Token with Touch ID option is available only if activated by
your system administrator.

8. In the ENROLLMENT COMPLETE screen, do one of the following:


a. To accept the default token name, tap OK.
b. To edit the Token Name, type the required changes into the TOKEN NAME field and tap OK.

SafeNet MobilePASS+ for iOS 1.3: User Guide 13


Document PN: 007-013372-003, Rev. A
The newly enrolled SafeNet MobilePASS+ token is displayed in the SafeNet MobilePASS+ app.

SafeNet MobilePASS+ for iOS 1.3: User Guide 14


Document PN: 007-013372-003, Rev. A
Enrolling by Scanning QR Code
After your system administrator assigns you a token, you will receive a notification email.

To enroll SafeNet MobilePASS+ by scanning the QR Code:


1. Tap the https:// link in the email on a different device to the one on which you want to install the SafeNet
MobilePASS+ token
The SafeNet Authentication Service Self-Enrollment webpage opens.
2. Select iOS from the drop-down list of supported devices. The QR code is displayed.

3. On your device, open the SafeNet MobilePASS+ application, tap Get Started (if this is the first time you
have used the app), or tap the Add icon

SafeNet MobilePASS+ for iOS 1.3: User Guide 15


Document PN: 007-013372-003, Rev. A
4. In the Activation window, tap QR Code Enrollment.

5. If prompted to allow SafeNet MobilePASS+ to access the camera, tap OK.

SafeNet MobilePASS+ for iOS 1.3: User Guide 16


Document PN: 007-013372-003, Rev. A
6. Point the camera to the QR Code on the SafeNet Authentication Service Self-Enrollment webpage

The camera scans the QR Code and begins enrollment.

SafeNet MobilePASS+ for iOS 1.3: User Guide 17


Document PN: 007-013372-003, Rev. A
NOTE: Your token can be configured by your system administrator to work with
Token PIN, Server PIN, or no PIN.
If configured for no PIN, you will not be prompted to enter a PIN.

7. If your token is PIN protected, do one of the following:


a. If your token is token PIN protected, the TOKEN PIN window opens. Enter a PIN in the Token PIN field
and enter again in the Confirm Token PIN field, and tap SUBMIT.

NOTE: The type and number of characters required for the PIN is displayed on the
screen above the Submit button.

SafeNet MobilePASS+ for iOS 1.3: User Guide 18


Document PN: 007-013372-003, Rev. A
b. If your token is server-side PIN protected, the SERVER PIN window opens. Enter a PIN in the Server
PIN field and enter again in the Confirm Token PIN field, and tap SUBMIT.

NOTE: The type and number of characters required for the PIN is displayed on the
screen above the Submit button.

8. In the Push Notification screen, to enable autosend passcodes tap OK, else tap No Thanks.

SafeNet MobilePASS+ for iOS 1.3: User Guide 19


Document PN: 007-013372-003, Rev. A
If you selected OK in the Push Notification screen, a message “MobilePASS+” Would Like to Send You
Notifications message is displayed.
9. To enable Push Notifications tap OK, else tap Don’t Allow.

NOTE: The message “App Name” Would Like to Send You Notifications is
presented for all iOS apps that use notifications. It enables you to activate the
app’s notification function. This screen is presented only once per app.

SafeNet MobilePASS+ for iOS 1.3: User Guide 20


Document PN: 007-013372-003, Rev. A
10. In the Access Token with Touch ID screen, click Enable to activate Touch ID, or else click Skip.

NOTE: The Access Token with Touch ID option is available only if activated by
your system administrator.

11. In the ENROLLMENT COMPLETE screen, do one of the following:


c. To accept the default token name, tap OK.
d. To edit the Token Name, type the required changes into the TOKEN NAME field and tap OK.

SafeNet MobilePASS+ for iOS 1.3: User Guide 21


Document PN: 007-013372-003, Rev. A
The newly enrolled SafeNet MobilePASS+ token is displayed.

SafeNet MobilePASS+ for iOS 1.3: User Guide 22


Document PN: 007-013372-003, Rev. A
Enrolling by Copying and Pasting the Activation String
To enroll SafeNet MobilePASS+ by copying and pasting the activation string:
1. Copy the activation string from the web page.

TIP: To copy the activation string:


1. Long-tap on the activation string.
2. Drag the set of bounding handles to include the whole activation string.
3. Tap the selected text again to copy the activation string to the clipboard.

2. Open the SafeNet MobilePASS+ application and tap Get Started, or tap the Add icon

SafeNet MobilePASS+ for iOS 1.3: User Guide 23


Document PN: 007-013372-003, Rev. A
3. In the Activation window, tap Auto Enrollment.

4. To paste the activation string, tap Tap to paste.

SafeNet MobilePASS+ for iOS 1.3: User Guide 24


Document PN: 007-013372-003, Rev. A
5. Tap ENROLL.

NOTE: Your token can be configured by your system administrator to work with
Token PIN, Server PIN, or no PIN.
If configured for no PIN, you will not be prompted to enter a PIN.

6. If your token is PIN protected, do one of the following:


a. If your token is token PIN protected, the TOKEN PIN window opens. Enter a PIN in the Token PIN field
and enter again in the Confirm Token PIN field, and tap SUBMIT.

NOTE: The type and number of characters required for the PIN is displayed on the
screen above the Submit button.

SafeNet MobilePASS+ for iOS 1.3: User Guide 25


Document PN: 007-013372-003, Rev. A
b. If your token is server-side PIN protected, the SERVER PIN window opens. Enter a PIN in the Server
PIN field and enter again in the Confirm Token PIN field, and tap SUBMIT.

NOTE: The type and number of characters required for the PIN is displayed on the
screen above the Submit button.

SafeNet MobilePASS+ for iOS 1.3: User Guide 26


Document PN: 007-013372-003, Rev. A
7. If the Push Notification screen is displayed, to enable autosend passcodes tap OK, else tap No Thanks.

If you selected OK in the Push Notification screen, a message “MobilePASS+” Would Like to Send You
Notifications message is displayed.
8. To enable Push Notifications tap OK, else tap Don’t Allow.

NOTE: The message “App Name” Would Like to Send You Notifications is
presented for all iOS apps that use notifications. It enables you to activate the
app’s notification function. This screen is presented only once per app.

SafeNet MobilePASS+ for iOS 1.3: User Guide 27


Document PN: 007-013372-003, Rev. A
9. In the Access Token with Touch ID screen, click Enable to activate Touch ID, or else click Skip.

NOTE: The Access Token with Touch ID option is available only if activated by
your system administrator.

10. In the ENROLLMENT COMPLETE screen, do one of the following:


a. To accept the default token name, tap OK.
b. To edit the Token Name, type the required changes into the TOKEN NAME field and tap OK.

SafeNet MobilePASS+ for iOS 1.3: User Guide 28


Document PN: 007-013372-003, Rev. A
The new SafeNet MobilePASS+ token is displayed.

SafeNet MobilePASS+ for iOS 1.3: User Guide 29


Document PN: 007-013372-003, Rev. A
Creating a New Token
To create a new token:
1. Open the SafeNet MobilePASS+ application.

2. Tap the Add icon


3. Enroll a new token (see “Methods to Enroll a SafeNet MobilePASS+ Token” on page 8)

SafeNet MobilePASS+ for iOS 1.3: User Guide 30


Document PN: 007-013372-003, Rev. A
Authenticating with Touch ID

Activating and Deactivating Touch ID


NOTE: To use Touch ID on SafeNet MobilePASS+ the following is required:
 The Touch ID function must be activated on your iOS device
 Your SafeNet MobilePASS+ token must have been configured by your
system administrator to support Touch ID

To activate/deactivate Touch ID in SafeNet MobilePASS+ token:

1. Open the SafeNet MobilePASS+ app and tap the Settings icon next to the token.

2. Slide the Enable Touch ID button to the right. The Purple color indicates that Touch ID is activated.

3. To deactivate Touch ID, slide the Enable Touch ID button to the left.
The grey color indicates the Enable Touch ID is deactivated.

SafeNet MobilePASS+ for iOS 1.3: User Guide 31


Document PN: 007-013372-003, Rev. A
Logging onto a Token with Touch ID
Touch ID utilizes the fingerprint sensor built into the Home button on iOS devices. If the token has been
configured to work with iOS Touch ID, each time you are required to enter a PIN you will be prompted to use the
Touch ID.

To log on to the token with Touch ID:


Touch the device’s Home button.

To log on to the token with a PIN after being prompted for Touch ID:
1. Click Token Pin
2. In the Token PIN field, enter the PIN.

3. To switch to Touch ID, tap the fingerprint icon

SafeNet MobilePASS+ for iOS 1.3: User Guide 32


Document PN: 007-013372-003, Rev. A
Generating Passcodes

Your SafeNet MobilePASS+ tokens can be configured by your system administrator to generate passcodes
using one of the following methods:
 Time based
 Event based
 Challenge-Response
Your SafeNet MobilePASS+ app can contain multiple SafeNet MobilePASS+ tokens, configured with different
passcode generation methods.

SafeNet MobilePASS+ for iOS 1.3: User Guide 33


Document PN: 007-013372-003, Rev. A
Generating a Passcode with Time-based Tokens
If you are using a time-based token, the passcode is generated automatically after the specified time interval has
elapsed. When a new passcode is generated, the previous passcode is no longer valid.
To generate a passcode with a time-based token:
1. Open the SafeNet MobilePASS+ app.
2. If there is more than one token, tap the required token.
3. If your token is PIN protected, enter the PIN, or if available, use the Touch ID.
The passcode is displayed.

4. To copy the passcode to the clipboard, tap the Clipboard icon


A new passcode will be displayed at the end of the specified time-interval.

Generating a Passcode with Event-based Tokens


Event-based tokens are so-called because they require an event to generate the passcode. In SafeNet
MobilePASS+, the event is the tapping of the Next Password button. The passcode is valid until another
passcode is generated.
To generate a passcode with an event-based token:
1. Open the SafeNet MobilePASS+ app.
2. If there is more than one token, tap the required token.
3. If your token is PIN protected, enter the PIN, or if available, use the Touch ID.
The passcode is displayed.

SafeNet MobilePASS+ for iOS 1.3: User Guide 34


Document PN: 007-013372-003, Rev. A
4. To copy the passcode to the clipboard, tap the clipboard icon
5. To generate a new passcode, tap Next Passcode.

Generating Passcodes with Challenge-Response Tokens


To generate a passcode on a Challenge-Response Token, you must first receive the challenge code. To receive
the challenge code, follow the procedure used in your organization.
To generate a passcode with a challenge-response token:
1. Open the SafeNet MobilePASS+ app.
2. If there is more than one token, tap the required token.
3. Enter the provided challenge code in the Challenge Code field.

SafeNet MobilePASS+ for iOS 1.3: User Guide 35


Document PN: 007-013372-003, Rev. A
4. Tap Generate Passcode.
The passcode is displayed.

5. To generate another passcode, tap Enter Challenge, and then repeat the process.

SafeNet MobilePASS+ for iOS 1.3: User Guide 36


Document PN: 007-013372-003, Rev. A
Using Push OTP

Introduction to Push OTP


Support for the Push OTP feature depends on the configuration of your SafeNet MobilePASS+ token.
Push OTP simplifies the process of accessing a protected resource, such as a webpage, cloud or VPN. A push
notification is sent from the login page to your mobile device and can be viewed as follows:
 An iOS locked-screen notification.
 A Pending Notification bar displayed on the SafeNet MobilePASS+ application.
After you have approved the login request with a tap of a button, and entered a PIN (if required according to
your tokens’ settings), a passcode is generated by your SafeNet MobilePASS+ app and sent to the login page,
logging you in automatically. This eliminates the need to generate a one-time passcode (OTP) on your mobile
device or to enter it into the login page.
You may be required to enter a PIN after approving the push notification.

SafeNet MobilePASS+ for iOS 1.3: User Guide 37


Document PN: 007-013372-003, Rev. A
Activating and Deactivating Push OTP
To activate/deactivate Push OTP:

1. Open the SafeNet MobilePASS+ app and tap the Menu Icon
2. Do one of the following:
a. To activate Push OTP, slide the Autosend Passcode button to the right. The Purple color indicates the
Push OTP is activated.

b. To deactivate Push OTP, slide the Autosend Passcode button to the left.
The grey color indicates the Push OTP is deactivated.

SafeNet MobilePASS+ for iOS 1.3: User Guide 38


Document PN: 007-013372-003, Rev. A
Logging in with Push OTP
The following description uses Microsoft Office 365 as an example. The login steps may vary for other
resources.
To log in with Push OTP:
1. Open the login page of the resource you wish to access and enter your organization username and
password.

SafeNet MobilePASS+ for iOS 1.3: User Guide 39


Document PN: 007-013372-003, Rev. A
You are redirected to your organization’s login page.
2. Enter your login credentials and click Sign in.

3. Select Use my mobile to autosend a password and click Submit.

SafeNet MobilePASS+ for iOS 1.3: User Guide 40


Document PN: 007-013372-003, Rev. A
A notification of the login request is sent to your mobile device.

4. When the login request notification arrives on your mobile device, you can respond in one of the following
ways:

Notification Location Action to approve the Push OTP login request

iOS Locked Screen Do one of the following:


1. Swipe the notification from right to left to expand it, and tap APPROVE.
2. Single tap on the notification to open the login request in SafeNet MobilePASS+,
review the login request information, and tap APPROVE.

SafeNet MobilePASS+ 1. Tap the Pending Notification bar.


Application
(Available in iOS 10 and
later)

2. Tap APPROVE.
Note: If there are multiple login requests pending, tapping the Pending
Notification bar will prompt the user to approve or deny the most recent
notification. Earlier notifications will remain in the bar.

SafeNet MobilePASS+ for iOS 1.3: User Guide 41


Document PN: 007-013372-003, Rev. A
NOTE: The Login Request screen includes information about the request, such
as the application initiating the request, the location from where the request was
sent, and its IP. If this information is unfamiliar and not expected, then tap
DENY, and then tap ‘It wasn’t me!’ This will send a notification of the
unauthorized login attempt to your organization’s authentication management
system

3. If prompted, enter the Token PIN and tap CONTINUE.

SafeNet MobilePASS+ for iOS 1.3: User Guide 42


Document PN: 007-013372-003, Rev. A
SafeNet MobilePASS+ sends a passcode to the login page.

You are now logged in.

SafeNet MobilePASS+ for iOS 1.3: User Guide 43


Document PN: 007-013372-003, Rev. A
Changing a Token PIN

Changing a Token PIN


NOTE: The Change Token PIN option is available only if your SafeNet
MobilePASS+ token has been configured for user-selected PIN protection.
You are allowed only a certain number of attempts to enter the correct PIN
(depending on how many permitted retries your administrator has defined). If you
exceed the number of allowed retries, your token must be re-enrolled.
The PIN entered must be in accordance with the policy set by your system
administrator. For example, the minimum length and character types required.

To change the PIN:


1. Open SafeNet MobilePASS+ app.

2. Tap the Settings icon

SafeNet MobilePASS+ for iOS 1.3: User Guide 44


Document PN: 007-013372-003, Rev. A
3. Tap CHANGE PIN.

4. In the CHANGE TOKEN PIN screen, enter the Current PIN.


5. Enter the new PIN in the NEW PIN field, enter again in Confirm new PIN, and then tap SUBMIT.

The token PIN has been changed.

SafeNet MobilePASS+ for iOS 1.3: User Guide 45


Document PN: 007-013372-003, Rev. A
Renaming and Deleting a Token

Renaming a Token
To rename a token:
1. Open the SafeNet MobilePASS+ app.

2. Tap the Configuration icon next to the token you want to rename.

3. Click the Edit icon

SafeNet MobilePASS+ for iOS 1.3: User Guide 46


Document PN: 007-013372-003, Rev. A
4. Type in the new name.

5. Click the Save icon

SafeNet MobilePASS+ for iOS 1.3: User Guide 47


Document PN: 007-013372-003, Rev. A
Deleting a Token
To delete a token:
1. Open the SafeNet MobilePASS+ app.

2. Tap the Configuration icon next to the token you want to delete.
3. Tap DELETE.

4. Tap DELETE again to confirm the deletion.

SafeNet MobilePASS+ for iOS 1.3: User Guide 48


Document PN: 007-013372-003, Rev. A
Viewing Token, App, and Log Information

Viewing Token Information


To view token information:
1. Open the SafeNet MobilePASS+ app

2. Tap the settings icon next to the token.


The following token information is displayed:
 OTP Mode - displays the system for passcode generation (Time-based or Event-Based).
 Policy String - identifies the SafeNet MobilePASS+ policy.
 Policy Level - represents the token generation, reflecting changes in the token structure and
characteristics.
 PIN Type - indicates the type of PIN (None/Token/Server)
 Serial Number - a unique identifier for the token
 Enable Touch ID – Purple color indicates that Touch ID is activated (slide to activate/deactivate)

SafeNet MobilePASS+ for iOS 1.3: User Guide 49


Document PN: 007-013372-003, Rev. A
Viewing SafeNet MobilePASS+ App Information
To view SafeNet MobilePASS+ app Information:

1. Open the SafeNet MobilePASS+ app and select the Menu Icon
2. Tap About.

SafeNet MobilePASS+ for iOS 1.3: User Guide 50


Document PN: 007-013372-003, Rev. A
Information about the SafeNet MobilePASS+ app is displayed.

SafeNet MobilePASS+ for iOS 1.3: User Guide 51


Document PN: 007-013372-003, Rev. A
Viewing Event Log
You can view a log of SafeNet MobilePASS+ events, and can send a file of the log to a recipient. Typically, this
may be requested by your Help Desk to assist in resolving an issue.
To view the event log:

1. Open the SafeNet MobilePASS+ app and tap the Menu Icon
2. Tap Support.

3. To share the Event log, click Share Event Log.

SafeNet MobilePASS+ for iOS 1.3: User Guide 52


Document PN: 007-013372-003, Rev. A
4. Select an email application.

NOTE: Use an email application to send the log file. Other types of applications
are not supported for this purpose.

A zip file of the log is attached to the email message.


5. Enter the email address, type a message (if required), and send.

SafeNet MobilePASS+ for iOS 1.3: User Guide 53


Document PN: 007-013372-003, Rev. A
Viewing Help Topics
To view Help topics:

1. Tap the Menu Icon


2. Tap Help.

A list of help topics describing the use of the SafeNet MobilePASS+ app and token are displayed.

SafeNet MobilePASS+ for iOS 1.3: User Guide 54


Document PN: 007-013372-003, Rev. A
3. Tap on the required topic to display the information.

SafeNet MobilePASS+ for iOS 1.3: User Guide 55


Document PN: 007-013372-003, Rev. A
Frequently Asked Questions

As a SafeNet MobilePASS+ user, you can generate passcodes on your device, and use those passcodes to
authenticate to protected corporate and web-based applications.
SafeNet MobilePASS+ allows secure remote access to corporate and web-based applications. An integrated
support feature allows your company’s system administrator to manage it directly from a token management
application.

What is a SafeNet MobilePASS+ Token?


SafeNet MobilePASS+ is a mobile application that generates an OTP (One-Time Password), also referred to as
a passcode, to use for secure remote access to corporate and web-based applications. It works independently
of mobile network connectivity.

How does SafeNet MobilePASS+ protect me?


Password theft is the method used most frequently by thieves and hackers to steal identities and gain
unauthorized access to computer networks. While they have many ways to steal a password, success depends
on the stolen password being valid, in much the same way that credit card theft relies on the card being usable
until you report it missing. SafeNet MobilePASS+ prevents the stolen password being used to log in to the
protected network, even if you and your company’s security professionals are unaware that it has been stolen,
because immediately after logging on, the generated passcode stops being valid. Any attempt to login by
reusing the passcode will fail, and will alert your network security professionals to the possibility that your identity
has been stolen.

How do I generate a passcode on my mobile device?


After installing SafeNet MobilePASS+ on your mobile device, use the application to generate a passcode. You
may be required to enter a PIN before generating the passcode.

SafeNet MobilePASS+ for iOS 1.3: User Guide 56


Document PN: 007-013372-003, Rev. A
How do I get started with SafeNet MobilePASS+?
After the installation of the application on your mobile, the first operation is to activate a token. There are two
possible ways to do that:
Automatic self-enrollment - you will receive a self-enrollment email from your company which contains a link
to the self-enrollment web site and instructions for installing, enrolling and activating your token.
Automatic enrollment - copy an activation code included in the self-enrollment email and paste it to your
SafeNet MobilePASS+ app.

I have not received an enrollment email, what should I


do?
If you have not received your self-enrollment email, contact your system administrator to arrange for a new self-
enrollment email to be sent.

For how long will my token continue to operate?


Your token will be able to generate passcodes until it is revoked by your security administrator.

What is self-enrollment?
Self-enrollment is the process of activating your token. You must complete this process before using your
SafeNet MobilePASS+ token to login.

What are the benefits of using the token?


SafeNet MobilePASS+ enables you to access corporate and web-based resources securely. In addition, it will
reduce or eliminate the need to remember or periodically change your login passwords, as your token will do
this for you.

How do I protect my security PIN?


If your SafeNet MobilePASS+ token is configured to use a PIN, protect it as you would the PIN for your credit
card. Never share it with anybody. Your network security administrator and help desk will never ask for your PIN
and you should never reveal it to them. Never write down your PIN.

What should I do if I cannot log in using my token?


The most common cause of failed login is entering an incorrect passcode. Ensure that you enter the code
exactly as displayed on the token, including any punctuation, and upper and lower case letters. Never attempt to
reuse a passcode. Your account will automatically lock for a period if you exceed the allowed number of
consecutive failed login attempts. You must wait for the required period of time before your account becomes
active again. Contact your company’s help desk to resolve login problems.

SafeNet MobilePASS+ for iOS 1.3: User Guide 57


Document PN: 007-013372-003, Rev. A
What is Push OTP?
The SafeNet MobilePASS+ Push OTP feature enables you to authenticate with a single tap, eliminating the
need to generate manually a passcode on your mobile device, or to enter the passcode manually in the login
page of your protected resource (website or network).

How do I use Push OTP?


To use Push OTP, enter your username in the login page of your protected device and select Autosend. You will
receive a login request on your SafeNet MobilePASS+ app. After you tap the Approve button, a passcode is
automatically sent to your protected resource and you are logged in.

SafeNet MobilePASS+ for iOS 1.3: User Guide 58


Document PN: 007-013372-003, Rev. A
Terminology

Term Description

Activation String or code The activation string is sent to the SafeNet MobilePASS+ user, who uses it to
activate the application and add tokens.

Autosend The term used to identify push notification based passcode delivery.

Challenge-Response or A family of protocols in which one party presents a question ("challenge") and
OCRA (OATH Challenge- another party must provide a valid answer ("response") to be authenticated. If
Response Algorithm) SafeNet MobilePASS+ is configured to work with Challenge-Response, the user is
sent the challenge code. The user then enters the code into the token, taps the
Challenge-Response button, and the passcode (the response) is displayed

Enrollment Enrollment is the process of adding a SafeNet MobilePASS+ token to the SafeNet
MobilePASS+ app and making it active.

Event-Based Tokens Event-based tokens generate passcodes when a particular event occurs; typically,
when the user presses a button or taps an icon. The passcode generated by an
event-based token is valid until another passcode is generated.

SafeNet MobilePASS+ The SafeNet MobilePASS+ application turns a mobile phone into a two-factor
App authentication device, removing the need to carry an additional hardware token.
As a SafeNet MobilePASS+ user, you can generate passcodes on your mobile
device, and use those passcodes to authenticate to protected corporate and web-
based applications.

SafeNet MobilePASS+ A SafeNet MobilePASS+ token is related to an account and its associated
Token parameters, such as name, user PIN, enrolled keys, and PIN policy. Each SafeNet
MobilePASS+ app can manage multiple SafeNet MobilePASS+ tokens. For
example, a user may require several tokens, each one related to a different web
service.

OTP (One Time An OTP is an automatically generated numeric or alphanumeric string of


Password) characters that authenticates the user for a single transaction or session.
Passcode is the preferred term in SafeNet MobilePASS+ applications and
documentation, and is identical to OTP.

SafeNet MobilePASS+ for iOS 1.3: User Guide 59


Document PN: 007-013372-003, Rev. A
Term Description

Passcode The Passcode is the password generated by the SafeNet MobilePASS+ token for
authenticating to a protected web or network resource. If the token is configured for
a time-based OTP, the password is active for a limited period, and can be used
once only, preventing access to unauthorized users, even if stolen. If the token is
set up as event-based, the passcode is valid until another passcode is generated

PIN (Personal Identity If so configured, SafeNet MobilePASS+ app requires the user to enter a PIN to use
Number) the application. This provides an additional layer of protection, preventing
unauthorized users from using the application.

Protected Resource A Protected Resource is any part of a computer system or network, such as a web,
cloud, or VPN, requiring authentication to enable access.

Push OTP With Push OTP technology, when accessing a protected resource, a push
notification is sent to the user’s device. The user approves the request with a
single tap of a button. A new OTP is automatically generated by the SafeNet
MobilePASS+ app and sent to the protected resource, eliminating the need to
generate manually a one-time passcode (OTP) on a mobile device or to enter the
OTP passcode in the login page.

QR Code Quick Response (QR) Code is a two dimensional barcode, a machine readable
optical label.
SafeNet MobilePASS+ can use the smartphone’s camera as an imaging device to
scan a QR Code containing the information required to perform token enrollment.

Software Token A software token is a two-factor authentication security application that is used to
authorize the use of computer services.
SafeNet MobilePASS+ application is an example of a software token.
By contrast, a hardware token is a physical device that needs to be connected to
the computer by, for example, a USB connection, to enable authentication.

Time-Based Tokens Time-Based tokens generate passcodes at pre-set time intervals. When a new
passcode is generated, the previous passcode is no longer valid.
SafeNet MobilePASS+ token can be configured to operate as a time based token.

Touch ID Touch ID is a fingerprint identity sensor built into the Home button on iPhone and
iPad devices. After enrolling one or more fingerprints on the device, Touch ID can
be used instead of a password when unlocking devices and logging onto
applications and websites.
SafeNet MobilePASS+ for iOS can be configured to use Touch ID as a convenient
alternative to manual entry of the PIN in PIN-protected tokens.

SafeNet MobilePASS+ for iOS 1.3: User Guide 60


Document PN: 007-013372-003, Rev. A
References

Related Documents
The following documents contain related or additional information.

SafeNet MobilePASS+
SafeNet MobilePASS+ for iOS Customer Release Notes (CRN)
SafeNet MobilePASS+ for Android Customer Release Notes (CRN)
SafeNet MobilePASS+ for Android User Guide

SafeNet Authentication Service (SAS)


http://www2.safenet-inc.com/sas/implementation-guides.html

SafeNet MobilePASS+ for iOS 1.3: User Guide 61


Document PN: 007-013372-003, Rev. A

You might also like