This page explains how to configure Airlock 2FA token migration, so users can enroll Airlock 2FA tokens without an activation letter.
Enrollments and thus activation letters may be valid for at most 90 days. The validity period is configurable.
Prerequisites
- ●User authentication with Airlock 2FA as a second factor is configured.
- ●Another way to authenticate users (e.g. username, password, and mTAN) is configured and used for users to be migrated.
- ●The basic Airlock 2FA settings exist.
Instruction
- 1.Go to:
- 2.Create or connect the Airlock 2FA Self-Service.
- 3.Go to (or create if necessary):
- 4.Add a new target authentication type Airlock 2FA Credential Migration.
- 5.Configure the latter according to your needs or use it with default values.
- 6.Activate the configuration.
- Token migration is now ready to use.
Loginapp >> Self-Service Settings
Loginapp >> Self-Service Settings >> Migration Hint Page Settings
Make sure that the user has been authenticated in a strong way before migration to Airlock 2FA is possible.
How to verify
- ●Log into the IAM Adminapp as administrator with corresponding access rights.
- ●Create a new user or use an existing one and make sure the user can be authenticated without using Airlock 2FA (i.e. via username, password and mTAN).
- ●Open tab Authentication Methods
- ●In section Authentication Method Migration: Select Migrate to Airlock 2FA
- ●Provide a due date if required.
- ●Click the Save button.
- ●Login with the user (Loginapp).
- ●The migration process should automatically be started after initial authentication.