Onboarding for End Users – with a Token2 programmable token

Requirements:

Users will need a Token2 programmable token. To enroll in MFA (subsequent logins will only require the hardware token), you will need an Android device with NFC* and the TOKEN2 NFC Burner app* (make sure you have the latest version, at least 2.1). This can be the same device for several users (the smartphone of a UserLock administrator for example).
[* Windows version is also available, but this guide will use Android as an example.]

To enable two-factor authentication:

1. Have your Android device with NFC and TOKEN2 NFC Burner 2 app installed and your hardware token ready.

2. Once MFA is enabled for a user account, at their next connection, a dialog box with a QR code will be displayed. Rather than downloading an authenticator application, the user must do the following.

   

3. Launch the NFC burner app on your Android device and hit the "scan QR" button.

   

4. Point the camera to the QR code shown on the DIALOG box. Upon a successful QR scan, the camera window should disappear.

   Alternatively, you can manually enter the code shown on the same page ("Manual Entry Key:") by hitting the "Base32" button on the app under the QR button.

5. Turn on the TOKEN2 token and place it on your phone, making sure it is over the NFC antenna. Then click "Connect" on the app.

   If the phone's NFC antenna does not completely align with the token, the connection will fail. Try moving the phone or token until you successfully connect the devices. Also make sure the NFC is enabled on the phone, and that the token is turned on. Click here for more information on the NFC link stability issues with Token 2 programmable tokens.

6. Upon successful connection, click the "BURN SEED" button. If NFC link is established and the code is correctly scanned, you should see a status window showing "Burning..." and eventually (in a second or two), "burn seed successful.." message in the log window.

   

7. After completing the burning process, turn the token display off and turn it on again.

8. Enter the 6 digits code displayed by the token in the field in the dialog box, then click “Verify and continue“.

   

9. Thereafter, the user will be able to retrieve the code requested, from the Token2 programmable token itself.

   

• Multi-Factor Authentication
  • Implementing Multi-Factor Authentication
  • UserLock Push App
  • How to apply MFA for VPN
  • How to configure and install VPN Connect for MFA
  • How to apply MFA for IIS Apps such as OWA, RDWeb and Sharepoint
  • How to enable MFA for SSO
  • How to apply MFA for RemoteApp
  • How to apply MFA to Remote Desktop Gateway sessions
  • How to enroll remote users
  • Onboarding for End Users - Push Notifications with UserLock Push
  • Onboarding for End Users – with an Authenticator Application
  • Onboarding for End Users – with a Token2 programmable token
  • Onboarding for End Users – with HOTP Token2
  • Onboarding for End Users – with YubiKey
  • Onboarding for End Users - Recovery codes