In typical usage, users scan QR codes provided by SurePassID via email, an activation link, or the administration portal. However, there may be instances where a user needs to add the mobile token to a different OTP token application, password manager, or host manager application that does not support QR code scanning.
In these cases, users can manually enter the secret key for their OTP token. This secret key is a binary value, specifically a SHA hash, which needs to be encoded to be usable. The most common format for this encoding is Base32.
By default, SurePassID does not reveal the secret key after an OTP token has been provisioned and utilized, primarily for security purposes. However, there are methods available to provide users with the secret key, enabling them to import it into third-party applications.
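The following added example, which is not SurePassID code, shows how a Base32 secret key typed by hand (as described above) is normalized and decoded back to the binary key, and how a one-time code is derived from it so the import can be checked against the third-party app. It assumes the token is an RFC 6238 TOTP token using HMAC-SHA1, 6 digits and a 30-second step, which this page does not state; `decode_secret` and `totp` are hypothetical helper names.

```python
import base64
import binascii
import hashlib
import hmac
import struct
import time
from typing import Optional


def decode_secret(typed: str) -> bytes:
    """Normalize a hand-typed Base32 secret and return the raw key bytes."""
    # Users often paste the key in lowercase, grouped with spaces or dashes.
    cleaned = typed.replace(" ", "").replace("-", "").upper().rstrip("=")
    if not cleaned:
        raise ValueError("empty secret")
    # Restore the '=' padding that emails and apps commonly leave off.
    cleaned += "=" * (-len(cleaned) % 8)
    try:
        return base64.b32decode(cleaned)
    except binascii.Error as exc:
        # Do not echo the secret itself into error messages or logs.
        raise ValueError("not valid Base32 (allowed: A-Z and 2-7)") from exc


def totp(key: bytes, now: Optional[float] = None,
         digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed parameters, see lead-in)."""
    counter = int(time.time() if now is None else now) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte is the offset.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # Constructed sample: the public RFC 6238 test key, typed with spaces.
    sample = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
    print(totp(decode_secret(sample)))
```

If the code printed here matches the one shown by the third-party app for the same time window, the key was entered correctly.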
How do I get the secret key to import into third-party token apps?
SurePassID provides a feature that allows you to securely send the secret key to the user assigned to the token through a Token Activation notification message. This approach offers several key benefits:
- The system administrator does not have access to the token's secret key and therefore is not responsible for providing it directly to the user.
- The token activation email can include the token's secret key along with detailed instructions on how to import it into third-party applications.
- From the SurePassID portal, the system administrator can manually send the token activation notification to each user. For larger-scale deployments, SurePassID can automatically include the secret key in the activation notification message sent to all users.
- Token notifications can be delivered through either email or SMS, providing flexibility for users to receive their activation messages in their preferred format.
Updating the Token Activation email template
(1) From the SurePassID portal, select Home->Customize Email Messages
(2) Open the System Action drop-down and select Token Activation and Setup Instructions
(3) Insert the <tokenkey/> placeholder into the email body of the template (along with any usage instructions for the user) and click the Update button.
(1) Access the token associated with the user
(2) Select the "Email Token Activation" link

