Token management and enrollment

For existing customers who are currently using MobilePASS tokens, you need to provision new MobilePASS tokens on MobilePASS+ after the upgrade. The same MobilePASS token type is used for allocation.

Users need to enroll a new MobilePASS+ token. After enrollment is complete, users also need to be aware of the applications for which they can use their MobilePASS+ tokens for Push OTP.

After users enroll new tokens in MobilePASS+, you can revoke their tokens in MobilePASS 8, return them to inventory, and then reuse them to migrate more users from MobilePASS 8 to MobilePASS+.

Token enrollment process

The token enrollment process on the mobile device is largely unchanged from previous versions. After the SAS Operator provisions a user with a MobilePASS token, the user receives an enrollment email. To enroll the token, the user opens the enrollment email on a compatible device, follows the instructions to download MobilePASS+, and then clicks the auto-enrollment link on the self-enrollment page.

During enrollment, users are asked whether to permit Push notifications in MobilePASS+ on their device, as shown in the image below

If they opt-out (select No Thanks) during enrollment, they can grant permission through the MobilePASS+ app later, by sliding the Autosend Passcode button to the right (blue indicates that Push OTP is activated) in the MobilePASS+ settings.

For additional details, refer to the MobilePASS+ section.

View device information about MobilePASS tokens

Operators can inspect which device a MobilePASS token was provisioned on, and whether Push OTP is enabled.

To view the MobilePASS token details:

1. On the SAS console, select Tokens > Tokens. Click Search to display the token list.

2. In the Token List, click a token serial number to view. The token details are displayed.

   The token details can also be viewed in Assignment > Search User > Auth Method > Serial Number.

   The Mobile App section includes the following details:

   • Target: This field displays the device OS on which the MobilePASS token is enrolled.

   • Device Type: This field displays the type of device on which the MobilePASS token is enrolled.

   • Push OTP: This field displays the Push OTP state at the time of token enrollment:

     • Enabled—This state is displayed if the user has permitted Push OTP notifications on the device.

     • Disabled—This state is displayed if the user has not permitted Push OTP notifications on the device, but the application is push capable (MobilePASS+).

     • Not Applicable—This state is displayed if the application is not push capable for the provisioned token (MobilePASS 8).

   

Users – With Tokens report

This report can help track MobilePASS+ and Push OTP deployment. It includes token details (OS type, device type, and Push OTP state) for MobilePASS tokens, for all users in a Virtual Server.