Chapter 5: Using the MobilePASS feature
Software token enrollment
75
Configuring re-enrollment for existing MobilePASS tokens
To allow Active Directory MobilePASS users to re-enroll their software tokens
without administrative assistance, a new parameter must be added to the
sccservers.ini
file, and the parameter must be set to true. To ad the parameter,
do the following:
1
Locate the
sccservers.ini
file. It can be found at
<Install_Dir>\SafeWord\SERVERS\Shared
.
2
Open the
sccservers.ini
file using a text editor.
3
Add the following parameter to the bottom of the file:
AllowMobilePassReEnroll=true
4
Ensure that the parameter is set to
true
.
5
Restart the SafeWord Administration Server in Microsoft Services.
Allowing users to self-enroll
To allow users to self-enroll their Software tokens, do the following:
1
Confirm the users are stored in the Active Directory database or the internal
SafeWord database.
Note: If a user is stored in both the Active Directory and the SafeWord
database, the Portal can only be used for one database or the other. You
cannot use the Portal to enroll a user from both databases.
2
Ensure that there are sufficient Software token records available for each
user who will be self-enrolling. (See “Generating MobilePASS records” on
page 37.)
3
Provide software token users with the following:
•
The URL for the MobilePASS application download site, and
instructions for installing MobilePASS on their device.
Note: The SafeNet
MobilePASS Software Administration Guide
, available
at
www.aladdin.com/sw08-docs
, contains detailed MobilePASS information.
•
The URL for the Enrollment Portal:
https://<servername:port>/portal/enroll
. By default, port 5444 is
used.
•
Instructions for using the Enrollment Portal. See “Using the
Enrollment Portal” on page 72. (Optional, applies to manual
activation only).