Authenticators ("Tokens")
      Back to home
      1. Knowledge Base
      2. Authenticators ("Tokens")

      How do I activate a SurePassID mobile token?

      There are several ways you can do this. The options you have are manual deployment, automated and bulk deployment.  

      What are mobile tokens?

      Mobile tokens, commonly referred to as soft tokens, can be seamlessly installed on mobile applications such as SurePassID Authenticator by simply scanning a QR code. Each token is designed with distinct features and functionalities. SurePassID mobile tokens are versatile, supporting both One Time Passcode (OTP) and push authentication methods. these tokens will also incorporate support for Fido2 platform authenticators, allowing the secure storage of tokens within the device's secure element or Trusted Platform Module (TPM), whether on a laptop or mobile device.

      Furthermore, SurePassID mobile tokens can function alongside roaming authenticators, which encompass physical tokens like key fobs or smartcards. As an administrator, you have the autonomy to determine which mobile tokens are suitable for your users, tailoring the options to meet their specific requirements and preferences.

      SurePassID supports two different forms of QR codes. The first is the SurePassID Authenticator token format which is proprietary to SurePassID and uses a form of over-the-air provisioning and does not store the secret key information in the QR code but does require that the SurePassID Authenticator can reach the SurePassID MFA server. 

      The second format is Google Authenticator token format where the actual QR code contains secret key information (secret=) in base32 format. For example:  

      Text Box

      Google Authenticator format should only be used when over-the-air provisioning is not possible (on-prem/air gapped environments) because it is easily compromised by attackers.

      The SurePassID Authentication Server allows you to create both Google Authenticator and SurePassID token types.

      The SurePassID Authenticator mobile app supports both formats. This means SurePassID Authenticator can be used to store mobile tokens from other systems that provide a QR code that is in Goole Authenticator format.

      To review all the options for activating (deploying) tokens to your users is documented in the this: SurePassID Authenticator Guide