
Emergency Access Authentication Process

The following instructions describe the identity verification process using a flow that combines a one-time password (OTP) sent to a mobile phone with an OTP from the mobile application.

1. Insert username and press the button NEXT.

The language of the application can be changed with the button in the profile menu.


2. Choose an identity verification method and press the NEXT button.

The methods and their names are defined by the administrators of each tenant; however, there are 3 basic types of authentication that can be combined:

  • SMS authentication - sending a one-time password (OTP) to a mobile phone
  • email authentication - sending the OTP to an email address
  • verification via verification questions and answers
  • OTP - using the one-time password generated in the TOTP types of tokens in the mobile application (or TOTP device)

For the OTP method, validation also checks token synchronization. If a discrepancy is detected (even though the OTP is still evaluated as valid), the user is prompted to enter two consecutive new OTPs to synchronize the token.

If only one authentication method is configured, this selection step is skipped.
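The token synchronization check described above for the OTP method can be modelled as follows. This is an added example, not the product's own code: it assumes standard RFC 6238 parameters (30-second step, 6 digits, HMAC-SHA1), and the window sizes, the stored `drift` value and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default; assumed)
DIGITS = 6   # OTP length (assumed)

def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP value for one counter; TOTP uses counter = time // STEP."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def _matches(secret, counter, otp):
    # Constant-time comparison; negative counters cannot be encoded.
    return counter >= 0 and hmac.compare_digest(hotp(secret, counter), otp)

def validate(secret, otp, now, drift=0, window=2, last_counter=-1):
    """Return (valid, offset, counter). A valid OTP with offset != 0 means the
    token clock has drifted, so the caller should ask for a resync."""
    base = now // STEP + drift
    for off in sorted(range(-window, window + 1), key=abs):
        counter = base + off
        # counter > last_counter rejects replay of an already accepted OTP
        if counter > last_counter and _matches(secret, counter, otp):
            return True, off, counter
    return False, None, None

def resync(secret, otp1, otp2, now, search=20):
    """Return the new drift (in steps) if otp1 and otp2 are the codes of two
    consecutive time steps inside the wider search range, else None."""
    base = now // STEP
    for off in sorted(range(-search, search + 1), key=abs):
        if _matches(secret, base + off, otp1) and _matches(secret, base + off + 1, otp2):
            return off
    return None

# Constructed sample: RFC 4226 test secret, token clock two steps (60 s) ahead.
SECRET = b"12345678901234567890"
if __name__ == "__main__":
    print(validate(SECRET, hotp(SECRET, 7), now=150))             # valid, drifted
    print(resync(SECRET, hotp(SECRET, 7), hotp(SECRET, 8), 150))  # new drift
```

Requiring two consecutive codes lets the server search a much wider range than the normal validation window without making a chance match on a single 6-digit code likely.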


3. The application will offer a selection of all mobile numbers that have been entered during the enrollment process or that the user has entered in the Selfservice application as a contact.


4. Choose one of the numbers, fill in the full phone number matching the selected number, and press the SEND button. The phone number is then validated, and if it is correct, the OTP is sent.

If a text message with a one-time password does not arrive on your mobile phone within one minute, the app will offer you the option to send it again.


5. Fill in the OTP code that was sent to the selected phone number and press the NEXT button.

If the entered OTP is correct, the next flow step will be displayed to verify the user's identity via OTP from the mobile application.


6. Verification using OTP works by having the user fill in the OTP from the authenticator application from a mobile phone.

7. Fill in the OTP and press the NEXT button.



8. If all entered answers are correct, the identity verification process is finished and the user can choose any of the displayed actions.

Available actions:

  • RESET PASSWORD - the user can change their domain password to log into the application 
  • UNLOCK ACCOUNT - the user can unblock their blocked domain account (in case the account is locked)
  • VSEC UNBLOCK - the user can unblock and change the PIN of their vSEC card
  • EMERGENCY ACCESS - the user can get the emergency code for the login to the Selfservice and necessary operations with token recovery
  • LOGIN TO SELFSERVICE - the user will be redirected to the Selfservice application




Reset password:
  1. fill in the new password
  2. fill in the new password again for confirmation
  3. press the CONFIRM button



vSEC card PIN unblock:
  1. fill in the card serial number
  2. fill in the challenge number provided by the vSEC:CMS application - the application will display a checksum so that you can verify that the challenge number was filled in correctly (the control checksum is provided by the vSEC:CMS application as well)
  3. press the button CONFIRM
  4. the application will return the cryptogram number (and checksum)
  5. fill the cryptogram into the vSEC:CMS application and check the checksum number
  6. follow instructions for the PIN change in the vSEC:CMS application

If the Credentials reset process is triggered by a QR code generated from the vSEC:CMS application and the URL carries information about the card serial number and challenge number, this screen is skipped and the cryptogram is displayed directly.



Emergency access:

The application generates an emergency access code that can be used as a standard OTP code during login or in the approval process. The validity of the code is restricted to usage counts or specific dates.

The emergency code can be used to log in as a replacement for a standard OTP or as part of the approval process. Its validity is defined based on a template, BUT this code is deactivated when any of the following operations are performed:

  • the OTP address in the token changes (virtual, SMS, email)
  • a new token is enrolled
  • the token is activated
