Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Thales Authenticator Lifecycle Manager

Thales Authenticator Lifecycle Service

search

Thales Authenticator Lifecycle Service

Thales Authenticator Lifecycle Manager uses a client–service architecture to manage device interactions. The Thales Authenticator Lifecycle Manager Console is a user-facing application that allows users to initiate various operations. However, it does not interact with devices directly. Instead, the console sends requests to the Thales Authenticator Lifecycle Service, a local background service installed on the client machine.

The Client Service is responsible for all direct communication with devices. It executes the operations initiated by the console and then returns the results to the console for display. This separation of responsibilities keeps the console responsive while the service handles complex, low-level device communication, which often requires elevated system privileges.

Managing the Thales Authenticator Lifecycle Service requires administrative privileges and involves the following tasks:

Installation

On the Admin Dashboard, under the System Requirements, click Download for Windows.

The following files are downloaded on your local machine:

  • Thales Authenticator Lifecycle Service.exe: This file is used to install Thales Authenticator Lifecycle Service on the client machine.

  • Config.json: This file defines key connection settings and contains three fields.

    {
IssuerUrl:"https://ciam.test.onewelcome.com/oauth",
ApiBaseUrl:"https://console.test.onewelcome.com",
Port: 9333
}

    • IssuerUrl – The endpoint used to obtain a JWT (JSON Web Token) that enables secure communication with the APIs.

    • ApiBaseUrl - The endpoint used for communication with the application’s APIs. It defines the base address through which API requests are sent and responses are received.

    • Port (9333) – Used for a secure WebSocket communication with the UI, enabling real-time interaction.

    Caution

    Before starting the installation, ensure that,

    • The Thales Authenticator Lifecycle Service.exe and Config.json files are placed in the same folder.

    • The .json file name must be exactly Config.json.

    Note

    The Thales Authenticator Lifecycle Service and Thales Authenticator Lifecycle Manager User Interface establish a secure WebSocket connection on the configured port and interact with the Thales Authenticator Lifecycle Manager APIs through the specified IssuerUrl. To ensure that the connection is encrypted and secure, an SSL/TLS certificate is required.

    The installer provides two options for configuring this certificate:

    • Automatic Self-Signed Certificate (Default): For ease of installation and typical environments, the installer automatically generates a self-signed certificate with the subject CN=127.0.0.1. Install the certificate into the Personal certificate store of the local machine, and then add the certificate to the Trusted Root Certification Authorities store on the same machine to establish trust.

    • CA-Signed Certificate (Advanced): For environments with strict security policies, administrators can configure the service to use a certificate issued by a Certificate Authority (CA). Find the certificate’s full Subject ame (for example CN=my-server.my-domain.com, OU=IT, O=My Company, C=US) and then add it into the Registry, under HKEY_LOCAL_MACHINE\SOFTWARE\Thales\ThalesAuthenticatorLifecycleService, by updating the vale of the string, CASignedCertificateSubject to the certificate’s full Subject name.

    After configuring the certificate, ensure to restart Thales Authenticator Lifecycle Service.

Perform the following steps to install the Thales Authenticator Lifecycle Service using the installation wizard:

  1. Right-click the Thales Authenticator Lifecycle Service.exe file and select Run as administrator.

  2. The Thales Authenticator Lifecycle Service - Installation Wizard is displayed. Click Next.

  3. The License Agreement page is displayed, read the license agreement, select the I accept the terms in the license agreement option, and click Next.

  4. The Customer Information page is displayed.

    1. Enter the User Name.

    2. Enter the Organization name.

      Note

      Windows uses the user name and organization name information to identify the registered owner of the software. This data is stored in the system registry under the application's Uninstall key, which allows it to appear in the Programs and Features sections of Windows.

    3. Under Install this application for, select one of the following options as per your preferred configuration:

      • Anyone who uses this computer (all users)

      • Only for me (admin)

    4. Click Next.

  5. The Destination Folder page is displayed, showing the default installation folder. Click Next.

    Note

    You can click Change to select a different destination folder, or install the Thales Authenticator Lifecycle Service into the default folder, C:\Program Files\Thales\ThalesAuthenticatorLifecycleService\.

  6. Click Install to proceed with the installation.

    The installation is in progress.

  7. When the installation is complete, a confirmation message is displayed. Click Finish to exit the installation wizard.

Uninstallation

After Thales Authenticator Lifecycle Service is installed, it can be uninstalled.

Perform the following steps:

  1. From the Windows taskbar, select Start > Settings > Control Panel > Programs and Features. Locate and select the Thales Authenticator Lifecycle Service application, and click Uninstall.

  2. Enter your Admin credentials and follow the instructions to uninstall Thales Authenticator Lifecycle Service.

On this page