Enroll MobilePASS+ tokens on iOS
Before you can use SafeNet MobilePASS+ to generate passcodes, you must enroll a token on your device. The token can be either a SafeNet MobilePASS+ token or a third-party token.
You can enroll a SafeNet MobilePASS+ token using one of the following methods:
-
Self-enrollment: (STA only) Enroll a token from the user portal, and then use it immediately to log in.
-
Automatic Enrollment: Automatically copy and paste the activation code into the Auto Enrollment window by clicking the Enroll your SafeNet MobilePASS+ token link on the notification email.
-
QR Code Enrollment: Scan a QR code to enroll your SafeNet MobilePASS+ token. This is recommended when you cannot receive email or open the self-enrollment URL from the target device.
-
Copy-Paste Enrollment: Manually copy and paste the activation string into the activation string field if you have difficulties with automatic enrollment.
As a security best practice, Thales Group recommends that users do not use the copy and paste function for the OTP or enrollment strings because the clipboard is shared among all applications running on a device.
A Secure Sockets Layer (SSL) connection with the STA server is required for all SafeNet MobilePASS+ token activation methods.
Self-enrollment
(STA only) You can enroll SafeNet MobilePASS+ tokens using either of the following methods:
-
Perform all enrollment steps (from initiation to completion) on the same iOS mobile device
-
Initiate enrollment on a Windows or Macintosh desktop device and complete the process on an iOS mobile device or the initial desktop device
If you don't already have a token, the self-enrollment process guides you through the steps to install the SafeNet MobilePASS+ authenticator app on your iPhone or iPad, enroll a token on your iPhone or iPad, and then log in to the user portal.
To follow the self-enrollment steps, you need the following:
-
A device, such as a laptop, where you can connect to the user portal
-
Your iPhone or iPad, where you can install the SafeNet MobilePASS+ app
To self-enroll:
-
From your device, open the user portal using the link provided by your system administrator.
-
On the user portal start window, select Start.
-
Enter your Username and then select Login.
-
Select Add Authenticator.
The Confirm Your Identity screen displays.
The system sends you an email that contains a verification code.
-
Open the email and enter the verification code in the text box on the Confirm Your Identity screen.
-
Select Continue.
-
Select Submit.
-
Select iPhone or iPad.
The Set Up SafeNet MobilePASS+ on iOS screen displays.
The easiest way to install the MobilePASS+ app and to enroll a token is to scan a QR code image with your mobile device. To use QR codes, allow MobilePASS+ to access the camera on your mobile device. Go to Settings > MobilePASS+ and enable Camera permission.
-
Select Continue.
-
Open the camera app on your mobile device and then scan the QR code.
Apple App Store displays the SafeNet MobilePASS+ app on your device.
-
Select the download icon and then select Open.
Token enrollment proceeds automatically and, if push is enabled, a notification is sent to your mobile device.
Automatic enrollment
After your system administrator assigns you a token, you will receive a notification email.
-
Select the https:// link in the email.
The SafeNet Authentication Service Private Cloud Edition Self-Enrollment web page opens.
-
Select Enroll your SafeNet MobilePASS+ token.
-
Select Open to launch the SafeNet MobilePASS+ app.
-
Go to Activate your token.
QR code enrollment
QR code enrollment is available only if your token has been configured to include this feature.
After your system administrator assigns you a token, you will receive a notification email.
-
Open the enrollment email.
-
Select the https:// link in the email.
The SafeNet Authentication Service Private Cloud Edition Self-Enrollment web page opens.
-
Select iOS from the list of supported devices.
The QR code displays.
-
On your mobile device, open the SafeNet MobilePASS+ app.
-
Swipe the welcome screens until you get to the Quick Setup screen, and then select Activate Now.
-
Select Allow Access.
-
Point the camera at the QR Code on the SafeNet Authentication Service Private Cloud Edition Self-Enrollment web page.
The camera scans the QR Code and begins enrollment.
SafeNet MobilePASS+ guides you through the process to activate a token.
-
Go to Activate your token.
Copy-paste enrollment
As a security best practice Thales Group recommends that users do not use the copy and paste function for the OTP or enrollment strings because the clipboard is shared among all applications running on a device.
-
Copy the activation string from the web page to your clipboard.
To copy the activation string:
- Long-tap the activation string.
- Drag the set of bounding handles to include the whole activation string.
- Tap the selected text again to copy the activation string to the clipboard. -
Open the SafeNet MobilePASS+ app.
The welcome screen displays.
-
Swipe the screens until you get to the Quick Setup screen and select Activate Now.
-
To allow auto-paste for the activation string, select Allow Paste.
Your mobile device automatically detects the activation string.
-
To start the authenticator activation, select Add.
-
Go to Activate your token.
Activate your token
The SafeNet MobilePASS+ app guides you through the steps to set up the authenticator and activate your token.
Some features are available only if your system administrators allows or requires them, such as push notifications, PINs, and fingerprint access.
-
On the Get Started screen, select Start.
-
On the One-Time Passcode screen, select Continue.
-
On the Push Authentication screen, select Continue.
-
Select Allow to receive notifications.
This message is shown for all iOS apps that use notifications. It enables you to activate the app’s notification function. This screen is shown only once per app.
-
On the Require Touch ID or Face ID to Open MobilePASS+ screen, select one of the following:
-
To require Touch ID or Face ID when you open or return to MobilePASS+, select Enable.
-
If you don't want to turn on this feature now, select Not Now.
Note
This screen appears only when you are enrolling your first token, and only if the token isn't a no PIN or server PIN token.
-
-
If your token is PIN-protected, enter a PIN code.
The type and number of characters required is stated on the screen.
Your token can be configured by your system administrator to work with a token PIN, server PIN, or no PIN. If configured for no PIN, you will not be prompted to enter a PIN.
-
Enter the code again.
-
-
If the Touch ID Access or Face ID Access screen is displayed, select Use Touch ID or Use Face ID. If you don't want to use touch ID or face ID, select Not Now and use your token PIN instead.
Note
A touch ID or face ID option is displayed only if your system administrator allows it and your device supports it.
-
Select Done.
Your new SafeNet MobilePASS+ token displays.
You can now use your token when you log in.
Create a token
-
Open the SafeNet MobilePASS+ app.
-
Select the Add icon .
-
Enroll a token, see Enrolling a SafeNet MobilePASS+ token.