This article describes how to set up Smart ID Mobile App or Smart ID Desktop App as authentication method in Smart ID Digital Access component.
For Smart ID Mobile App, you can set up two options for authentication: on the same device or on another device. To offer the end user both options, they must be set up as two separate methods. Using another device for authentication can be set up in two ways:
- QR code: The user initiates the authentication from Smart ID Mobile App by scanning the QR code. With this method, the user does not have to enter a username on the authentication page.
- Username: The user initiates the authentication by entering its username on the authentication page.
Prerequisites
Before setting up Smart ID Mobile App or Smart ID Desktop App, you need the following:
Step-by-step instruction
Set up Smart ID authentication
Set external DNS
Set the external DNS name, to enable external communication to the DNS.
- In Digital Access Admin, go to Manage system > Distribution Services.
- Click Manage Global Distribution Service Settings.
Enter the DNS name assigned in the previous step, and the port to use in Digital Access for external communication.
Enable Smart ID Mobile App or Smart ID Desktop App to an end user
Enable Smart ID Mobile App or Smart ID Desktop App to an end user
- In Digital Access Admin, go to Manage accounts and storage > User accounts.
- Enter the User ID and click Search.
- Click the User ID in the search results.
- Go to the PortWise Authentication tab.
- Scroll down and check Enable Personal for the user account.
- For Smart ID Mobile App, do the following additional steps:
- If you want to issue a new profile right away, check Create new profile.
- Select email notification, to send an email to the user with a QR code to activate Smart ID Mobile App:
Select Notification: By E-mail.
Click Save. - The user can now activate Smart ID Mobile App.
- To enable self-service, see Enable Smart ID Mobile App self-service in Digital Access.
- Click Publish.
Add Smart ID Mobile App or Smart ID Desktop App as an authentication method
To add Smart ID Mobile App or Smart ID Desktop App as an available authentication method:
- In Digital Access Admin, go to Manage System > Authentication Methods.
- Click Add Authentication Method...
- Select Personal Mobile or Personal Desktop (Smart ID Mobile App or Smart ID Desktop App). Click Next >.
- In General Settings, enter a Display Name. The display name is shown to end users when they log in.
- If you want Digital Access to validate a response using a CA certificate, check Enable Personal Certificate Authentication. Click the ?-sign for help.
Select the Certificate Authority that issued the certificates used in Smart ID Mobile App or Smart ID Desktop App,.
Only for Smart ID Mobile App: if you want to enforce authentication on the same device, check Enable authentication on same device and do the following settings:
In Wait for (seconds), enter a number of seconds for the image to be displayed before being redirected to Smart ID Mobile App.
- In Redirect Text, change the text if required.
- Click Add Authentication Method Server… Select an authentication server.
- Click Next >, Next > and Next >.
In Extended Properties add relevant properties for the authentication method.
User Attribute: mail
Certificate Attribute: subjectaltname-emailaddress
- Click Next > and then Finish Wizard.
- Click Publish, that is marked blue, showing that updates have been done.