Enrolling a SafeNet MobilePASS+ token
Before you can use SafeNet MobilePASS+ to generate passcodes, you must enroll a SafeNet MobilePASS+ token on your device using one of the following methods:
-
Self-enrollment: Enroll a token from the user portal, and then use it immediately to log in.
-
Automatic Enrollment: Automatically copy and paste the activation code into the Auto Enrollment window by clicking the Enroll your SafeNet MobilePASS+ token link on the notification email.
-
QR Code Enrollment: Scan a QR code to enroll your SafeNet SafeNet MobilePASS+ token. This is recommended when you cannot receive email or open the self-enrollment URL from the target device.
-
Copy-Paste Enrollment: Manually copy and paste the activation string into the activation string field if you have difficulties with automatic enrollment.
As a security best practice, Thales Group recommends that users do not use the copy and
paste function for the OTP or enrollment strings because the clipboard
is shared among all applications running on a device.
A Secure Sockets Layer (SSL) connection with the STA server is required for all SafeNet
MobilePASS+ token activation methods.
Self-enrollment
You can enroll SafeNetSafeNet MobilePASS+ tokens using either of the following methods:
-
Perform all enrollment steps (from initiation to completion) on the same iOS mobile device
-
Initiate enrollment on a Windows or Macintosh desktop device and complete the process on an iOS mobile device or the initial desktop device
If you don't already have a token, the self-enrollment process guides you through the steps to install the SafeNet MobilePASS+ authenticator app on your iPhone or iPad, enroll a token on your iPhone or iPad, and then log in to the user portal.
To follow the self-enrollment steps, you need the following:
-
A device, such as a laptop, where you can connect to the user portal
-
Your iPhone or iPad, where you can install the SafeNet MobilePASS+ app
To self-enroll:
-
From your device, open the user portal using the link provided by your system administrator.
-
On the user portal start window, select Start.
-
Enter your Username and then select Login.
-
Select Add Authenticator.
The Confirm Your Identity screen displays.
The system sends you an email that contains a verification code.
-
Open the email and enter the verification code in the text box on the Confirm Your Identity screen.
-
Select Continue.
-
Select Submit.
-
Select iPhone or iPad.
The Set Up SafeNet MobilePASS+ on iOS screen displays.
The easiest way to install the MobilePASS+ app and to enroll a token is to scan a QR code image with your mobile device. To use QR codes, allow MobilePASS+ to access the camera on your mobile device. Go to Settings > MobilePASS+ and enable Camera permission.
-
Select Continue.
-
Open the camera app on your mobile device and then scan the QR code.
Apple App Store displays the SafeNet MobilePASS+ app on your device.
-
Select the download icon and then select Open.
Token enrollment proceeds automatically and, if push is enabled, a notification is sent to your mobile device.
Automatic enrollment
After your system administrator assigns you a token, you will receive a notification email.
To enroll a SafeNet MobilePASS+ token automatically:
-
Select the https:// link in the email.
The SafeNet Authentication Service Self-Enrollment web page opens.
-
Select Enroll your SafeNet MobilePASS+ token.
-
Select Open to launch the SafeNetSafeNet MobilePASS+ app.
-
Go to Activating your token.
QR code enrollment
QR code enrollment is available only if your token has been configured to include this feature.
After your system administrator assigns you a token, you will receive a notification email.
To enroll a SafeNet MobilePASS+ token by scanning the QR code:
-
Open the enrollment email.
-
Select the https:// link in the email.
The SafeNet Authentication Service Self-Enrollment web page opens.
-
Select iOS from the list of supported devices.
The QR code displays.
-
On your mobile device, open the SafeNet MobilePASS+ app.
-
Select Activate.
-
Select OK.
-
Point the camera at the QR Code on the SafeNet Authentication Service Self-Enrollment web page.
The camera scans the QR Code and begins enrollment.
SafeNet MobilePASS+ guides you through the process to activate a token.
-
Go to Activating your token.
Copy-paste enrollment
As a security best practice Thales Group recommends that users do not use the copy and paste function for the OTP or enrollment strings because the clipboard is shared among all applications running on a device.
To enroll SafeNet MobilePASS+ by copying and pasting the activation string:
-
Copy the activation string from the web page to your clipboard.
To copy the activation string:
- Long-tap the activation string.
- Drag the set of bounding handles to include the whole activation string.
- Tap the selected text again to copy the activation string to the clipboard. -
Open the SafeNetSafeNet MobilePASS+ app.
The welcome screen displays.
-
Select Activate.
-
Select No QR Code?
-
Paste the activation string that you copied from the email into the text box and then select Activate.
-
Go to Activating your token.
Activating your token
The SafeNet MobilePASS+ app guides you through the steps to set up the authenticator and activate your token.
Some features are available only if your system administrators allows or requires them, such as push notifications, PINs, and fingerprint access.
-
Select Start on the Get Started screen.
-
Select Continue on the One-Time Passcode screen.
-
Select Continue on the Push Authentication screen.
-
Select Allow to receive notifications.
This message is shown for all iOS apps that use notifications. It enables you to activate the app’s notification function. This screen is shown only once per app.
If your token is PIN-protected, continue with step 5. If your token is not PIN-protected, go to step 8.
-
Enter a PIN code.
The type and number of characters required is stated on the screen.
Your token can be configured by your system administrator to work with a token PIN, server PIN, or no PIN. If configured for no PIN, you will not be prompted to enter a PIN.
-
Enter the code again.
-
If the Touch ID Access or Face ID Access screen is displayed, select Use Touch ID or Use Face ID. If you don't want to use touch ID or face ID, select Not Now and use your token PIN instead.
A touch ID or face ID option is displayed only if your system administrator allows it and your device supports it.
-
Select Done.
Your new SafeNetSafeNet MobilePASS+ token displays.
You can now use your token when you log in.
Creating a token
-
Open the SafeNet MobilePASS+ app.
-
Select the Add icon .
-
Enroll a token, see Enrolling a SafeNet MobilePASS+ token.