Onboarding for MobilePASS+ enrollment
Even though the SAS Cloud supports the Push feature of MobilePASS+ tokens, the implementation, configuration and onboarding is different for SAS PCE. To enable Push OTP feature in the SAS PCE, there is a pre-requisite to have client certificates issued by Thales. The SAS PCE customers have to request for these client certificates through their Sales channel. The following process outlines the procedure of customer onboarding:
-
The SAS PCE customers (new or existing) should reach out to their Sales/Account Manager and request for client certificates to enable the Push OTP feature.
-
Based on whether a customer is new, or existing, one of the following steps is followed:
- New Customer: Sales/Account Manager follow the standard PO process. In addition, they fill a Certificate Requisition Form.
- Existing Customer: Sales/Account Manager directly reach out to SAS Operations team by filling the Certificate Requisition Form.
-
The SAS Operations team generates the required client certificates and securely deliver it directly to the customer, similar to other deliverables (such as license key, or HW token seeds).
-
The SAS Operations team creates and maintains record of customer/certificate details.
-
The SAS PCE customer follows the product documentation to configure and enable the Push feature and as part of configuration settings, deploy client certificates in their SAS PCE server.
For details, refer to the Push OTP section.
The customers are notified in advance if their certificate is nearing its expiry. Similar process is followed for renewal of the client certificates.
The SAS PCE customers should enroll (new customers) or re-enroll (existing customers) their MobilePASS+ tokens after they have set up the SAS PCE server enabling the Push OTP feature and connected to the Thales Push service. Only MobilePASS+ tokens that are enrolled when the SAS PCE is connected to the Thales Push service becomes Push capable.
The Certificate Requisition Form can be downloaded here.