Login page
--Image--
This is the login page. There are several ways to log in to the Vx system, which are described below. The login methods can be divided into groups:
| OTP tokens |
Tokens are authentication methods using mostly one-time codes (OTP) as confirmation of the user's identity. This method can be used if the user has enrolled one of the tokens during the enrollment process, e.g. Virtual token, SMS, Email or Google authenticator and/or MS authenticator. For this method is depending of configuration sometimes possible to use it as password-less - you can insert OTP directly into the Password field. |
| your-iam QR | your-iam.com QR is a method using a token enrolled in your-iam.com Authenticator. The application can retrieve the displayed QR and confirm the user's identity via the stored token. |
| Certificate | Certificates can be used as verification of the user's identity if the user has a certificate issued by Reist that contains the stored identity of the user confirmed by Reist. |
| FIDO2 | FIDO2 is an open standard for authentication that allows two-factor authentication using specialized devices (e.g. USB tokens, NFC/Bluetooth devices) that can be used as a second factor without an additional password. The option is applicable for users who have a FIDO2 token enrolled in Vx. |
| Emergency access | Emergency access is similar to tokens, therefore the same functionality is used. This is a situation where the user has requested an emergency access code for various reasons, where this code can be used instead of a code generated by an application such as google or ms authenticator. |
Login methods may vary depending on the configuration of each tenant
Login via your-iam QR
A prerequisite for logging in with your-iam.com token is your-iam.com token enrolled in Selfservice (or within Enrollment process) - see details here. (link to your-iam token in selfservice)
Login process
| 1 |
On signing page choose your-iam QR option (button). |
|
| 2 | The application display QR code | |
| 3 |
Scan the QR code with the your-iam.com Authenticator. If everything is correct, then the user will be logged into the Vx immediatelly. For the login on the mobile device where the your-iam.com Authenticator application is installed use the Login button - it will open the deeplink to the your-iam.com Authenticator app and the push notification will be created. Confirm the notification in the app and the access to Vx will be granted. |
Login via OTP
| 1 |
On signing page choose your-iam OTP option (button). |
|
| 2 |
Fill Username and Password and press Login button. |
|
| 3 |
Insert OTP code received to the mobile phone or email address (depend on the type of enrolled token) or authenticator app and press Login button. If everything is correct, then the user will be logged into the Vx immediatelly. |
|
| 3a |
In case that user has also your-iam.com Authenticator app registered on mobile phone and your-iam.com token is enrolled then the push notification is send to the application (in the mobile phone) - if user confirms the notification on mobile phone and everything is correct, then the user will be logged into the Vx immediatelly. |
|
| 3b |
In case that push notification is not resolved in your-iam.com Authenticator by user then after some time the SMS with OTP is sent to user's mobile phone. Insert the OTP from SMS to the Password/Code cell and press Login button. If everything is correct, then the user will be logged into the Vx immediatelly. |
Login process via username and OTP from authenticator app
| 1 | On signing page choose your-iam OTP option (button). | |
| 2 | Select the relevant certificate and press OK button. If everything is correct, then the user will be logged into the Vx immediatelly. |
Login via FIDO2 device
A prerequisite for logging in with FIDO2 is FIDO2 token enrolled in Selfservice (or within Enrollment process) - see details here. (link to fido)
Login process
| 1 | On signing page choose FIDO login option (button). | |
| 2 |
Insert FIDO2 token into USB port and select the External security key option. |
|
| 3 | Browser will ask user to touch the FIDO2 token. In case of devices with fingerprint reader then touch the device with the correct finger. In case of PIN protected device the system request the PIN code. If everything is correct, then the user will be logged into the Vx immediatelly. |
Login via Emergency access code
A prerequisite for logging in with Emergency access code is the generation of this code. There are two ways to obtain the code:
- In the Emergency access application after verifying the user's identity - see dectails here. (link)
- By contacting an operator who can generate the code in the operations console
The emergency code can be used to log in as a replacement for a standard OTP or as part of the approval process. Its validity is defined based on a template, BUT this code is deactivated when any of the following operations are performed:
- when the OTP address in the token changes (virtual, sms, email)
- the new token is enrolled
- the token is activated
Login process
| 1 | On signing page choose your-iam OTP option (button). | |
| 2 |
Fill Username and Emergency access code generated in the Emergency access application and press Login button. If everything is correct, then the user will be logged into the Vx immediatelly. Emergency access code can have a limited number of uses, so you need to perform the necessary operations after the first login - based on the reason for using the emergency access code - such as removing broken tokens and enrolling new ones, etc. |