Configure authenticator tokens

Learn how to enable the Authenticator app in the Pointsharp ID Admin GUI and in the User Portal.

PSID Admin GUI

  1. Open Pointsharp ID Admin GUI and go to the Tokens tab.

  2. Click Portal Settings. Define the options needed (for example if the activation code for the Authenticator will be used, or QR scanning, or both). Also define if a notification method should be used to inform the user, or to send out activation code.

Press the Help button in the PSID Admin for detailed information.

  1. Click Apply to save the changes in the configuration.

  2. Next, go to the section Mobile Token Settings also located under the Tokens tab.

    1. Notification: Define the notification method to be used.

    2. Notification Attribute: If an email notification is used add mail, and if SMS is used set mobile as the attribute.

If no notification exists – go to the tab Notification and add these first.

  1. When completed - click Apply. Then go to tab General and Restart the Pointsharp ID Service (including the Restart Web Service option).

  2. PSID Admin configuration complete.

  3. Go to next step: IIS Manager

IIS Manager

  1. Open the IIS Manager on the PSID Server and Click User Portal, and choose the Application Settings icon in the middle window of the IIS Manager.

  2. Search for the value: SECURITY_TOKEN_SELECTABLE_TYPES and add GoogleMobileToken if not already existing. Like this for example:

    HardwareToken,MobileToken,PointSharpLoginToken,GoogleMobileToken

    No spaces between the different tokens - just a comma.

  3. If TOTP Authenticators are to be used (recommended) go to the value: GOOGLE_MOBILE_TOKEN_TIME_BASED and set that value to true.

Adding the Authenticator to a user

Depending on the configuration in the Portal Settings in PSID Admin GUI - you can either send out the token to a user via Admin Portal, or the user can add it themselves via User Portal by either scanning a QR code or enter an activation code.

User Portal must run HTTPS in order for QR codes to work.

If sending out new tokens doesn’t work

When tokens such as Google or Microsoft Authenticator don’t work, or using the URL http://ps.cloudapp.net/ doesn’t work, the http://ps.cloudapp.net/ service has most likely been temporarily changed to a new location. Please use the new one explained here, until further notice.

GoogleHOTP

  1. Start Pointsharp ID Admin GUI as an administrator.

  2. Go to Tokens tab.

  3. Click GoogleHOTP and replace http://ps.cloudapp.net/ with the following: https://psidmtdenv.victorioussea-45581ce7.swedencentral.azurecontainerapps.io/

    You still need to keep the last parts of the URLs!

    For GoogleHOTP the URL would be: https://psidmtdenv.victorioussea-45581ce7.swedencentral.azurecontainerapps.io/4/ghqr/

GoogleTOTP

  1. Start Pointsharp ID Admin GUI as an administrator.

  2. Go to Tokens tab.

  3. Click GoogleTOTP and replace http://ps.cloudapp.net/ with the following: https://psidmtdenv.victorioussea-45581ce7.swedencentral.azurecontainerapps.io/

    You still need to keep the last parts of the URLs!

    For GoogleHOTP the URL would be: https://psidmtdenv.victorioussea-45581ce7.swedencentral.azurecontainerapps.io/4/gtqr/