As part of its robust support for multi-factor authentication (MFA), HelloID offers its users the ability to authenticate using Open Authentication (OATH) hardware tokens. These tokens are not vendor specific, so you have a lot of very cost-effective options to provide a quick, easy, and secure method of generating a one-time passwords.
Add Tokens to HelloID
Before a user can authenticate with an OATH hardware token, it must be added to your HelloID environment. This is done by uploading a CSV file within the HelloID Administrator Dashboard. A template of the CSV file is included with this article. This CSV is the same format used by Microsoft Azure MFA.
The following are the fields of the CSV file. Much of this data is provided to you by the manufacturer after you purchase the token, such as the secret key and time interval.
- upn: This is the login name of the user who owns the token. This field is case sensitive.
- serial number: This is the serial number of the specific token.
- secret key: The secret that the key uses to generate its passcode.
- timeinterval: The interval at which the passcode is refreshed.
- manufacturer: The name of the token's manufacturer.
- model: The name of the token's specific model.
Once you've added your token information to the CSV file, navigate to Security > 2FA Management.
On the Manage Second Factors, ensure that Hardware Token Authentication is enabled. Then, click Import OATH Tokens.
The next page will display a list of all of your currently enrolled tokens. To add new tokens, click the Import Tokens button. You will be prompted to upload a file. Find the CSV file that contains your hardware token information.
After selecting the CSV file, it will be uploaded to HelloID and parsed. The the upn field will be used to look up the target user in HelloID, and the token will be linked to their account. Upon login, they will have the option to authenticate using their token.