Flexible Identity Multi-Factor Authentication
OTP software tokens guide
version 1.0

Publication History
Date        Revision  Description
2014.02.07  1.0       initial release

© Copyright Orange Business Services

welcome

Your company has chosen Orange Business Services Flexible Identity – Multi-Factor Authentication service (aka FI-MFA) to help you protect your on-line identity and the networks, applications and data you use from unauthorized access.

The information in this guide applies to the following OTP software tokens:
- MobilePASS
- MP (aka Multi-Platform)

The information in this guide is intended for:
- end-users: people in your company that will use the FI-MFA service.
- operators: people in your company that will manage your FI-MFA end-users.
- administrators: people in your company that will manage the FI-MFA service.

If you are already comfortable with FI-MFA terminologies and OTP software tokens, you can click one of the following icons for direct access to instructions related to your device:

Token types: MobilePASS, MP
Devices: Windows Desktop, Mac OS X, iOS, Android, BlackBerry, Windows Phone
(some combinations are marked “Not yet supported” or “Not yet described”)

contents

overview
  what is an OTP software token?
  why use an OTP token?
  how does an OTP token protect me?
  what additional security features does my OTP token offer?
  what is the difference between a token code and an OTP?
  what are the characteristics of my OTP token?
    operation modes
    synchronization methods
  what is self-enrollment?
    how do I self-enroll my OTP token?
    how long will my OTP token continue to operate?
    what if I have not received the “self-enrollment” email notification?
  what is the Self-Service Portal?
  why can’t I log on using my OTP token?
    I entered an incorrect OTP
    my user account is locked
    my OTP token is out of synchronization
    my OTP token has been suspended or revoked
  what are my responsibilities?
    where should I store my OTP token?
    what if I forget my OTP token?
    what if I lose my OTP token?
    how should I protect my PIN?
    how can I change my PIN?
    what if I forget my PIN?
MobilePASS for Windows Desktop
  introduction
    terminologies
    supported platforms
  enrolling MobilePASS token for Windows Desktop
  authenticating with a MobilePASS token
    “QUICKLog” operation mode
    “challenge-response” operation mode
  MobilePASS application features
    viewing MobilePASS application information
    viewing MobilePASS token information
    renaming a MobilePASS token
    resetting a MobilePASS token PIN (token-side only)
    deleting a MobilePASS token
  updating the MobilePASS application
  uninstalling the MobilePASS application
  Self-Service Portal features
MobilePASS for iOS
  introduction
    terminologies
    supported platforms
  enrolling MobilePASS token for iOS
  authenticating with a MobilePASS token
    “QUICKLog” operation mode
    “challenge-response” operation mode
  MobilePASS application features
    viewing MobilePASS application information
    viewing MobilePASS token information
    renaming a MobilePASS token
    resetting a MobilePASS token PIN (token-side only)
    deleting a MobilePASS token
  updating the MobilePASS application
  uninstalling the MobilePASS application
  Self-Service Portal features
MobilePASS for Android
  introduction
    terminologies
    supported platforms
  enrolling MobilePASS token for Android
  authenticating with a MobilePASS token
    “QUICKLog” operation mode
    “challenge-response” operation mode
  MobilePASS application features
    viewing MobilePASS application information
    viewing MobilePASS token information
    renaming a MobilePASS token
    resetting a MobilePASS token PIN (token-side only)
    deleting a MobilePASS token
  updating the MobilePASS application
  uninstalling the MobilePASS application
  Self-Service Portal features
MobilePASS for BlackBerry
  introduction
    terminologies
    supported platforms
  installing MobilePASS application
  enrolling MobilePASS token for BlackBerry
  authenticating with a MobilePASS token
    “QUICKLog” operation mode
    “challenge-response” operation mode
  MobilePASS application features
    viewing MobilePASS application information
    viewing MobilePASS token information
    renaming a MobilePASS token
    resetting a MobilePASS token PIN (token-side only)
    deleting a MobilePASS token
  updating the MobilePASS application
  uninstalling the MobilePASS application
  Self-Service Portal features
Self-Service Portal for MobilePASS
  accessing the Self-Service Portal Web site
  resynchronizing a MobilePASS token
  resetting a MobilePASS token PIN (server-side only)
  sending temporary sign-in password by e-mail/SMS
MP for Windows Desktop
  introduction
    terminologies
    supported platforms
  enrolling MP token for Windows Desktop
    optimizing Internet Explorer Web browser
    starting enrollment process
  authenticating with an MP token
    “QUICKLog” operation mode
    “challenge-response” operation mode
  Token application features
    viewing Token application information
    renaming an MP token
    resetting an MP token PIN (token-side only)
    unlocking an MP token (token-side PIN)
  updating the Token application
  uninstalling the Token application
  Token Manager application features
    viewing MP token information
    deleting an MP token
    Updating/uninstalling the Token application
  Self-Service Portal features
MP for Mac OS X
  introduction
    terminologies
    supported platforms
  enrolling MP token for Mac OS X
  authenticating with an MP token
    “QUICKLog” operation mode
    “challenge-response” operation mode
  MP-1 application features
    viewing MP-1 application information
    viewing MP token information
    renaming an MP token
    resetting an MP token PIN (token-side only)
    deleting an MP token
  updating the MP-1 application
  uninstalling the MP-1 application
  Self-Service Portal features
MP for iOS
  introduction
    terminologies
    supported platforms
  enrolling MP token for iOS
  authenticating with an MP token
    “QUICKLog” operation mode
    “challenge-response” operation mode
  MP-1 application features
    viewing MP-1 application information
    viewing MP token information
    renaming an MP token
    resetting an MP token PIN (token-side only)
    deleting an MP token
  updating the MP-1 application
  uninstalling the MP-1 application
  Self-Service Portal features
MP for Android
  introduction
    terminologies
    supported platforms
  enrolling MP token for Android
  authenticating with an MP token
    “QUICKLog” operation mode
    “challenge-response” operation mode
  MP-1 application features
    viewing MP-1 application information
    viewing MP token information
    renaming an MP token
    resetting an MP token PIN (token-side only)
    deleting an MP token
  updating the MP-1 application
  uninstalling the MP-1 application
  Self-Service Portal features
Self-Service Portal for MP
  accessing the Self-Service Portal Web site
  resynchronizing an MP token
  resetting an MP token PIN (server-side only)
  sending temporary sign-in password by e-mail/SMS

overview

what is an OTP software token?

An OTP software token:
- allows you to generate OTPs.
- is managed through a dedicated OTP application you have previously installed on your device.
- is usable only on the device upon which it was installed.

The advantage of OTP software tokens is mass deployment without hardware distribution.
In addition, OTP software tokens can be issued, revoked and reissued without restriction or the need to recover the OTP software token from the end-user. Multiple OTP software tokens can be installed on a single device.

why use an OTP token?

Until now, you have probably logged into your organization’s resources with your user name and a fixed password. The problem is that passwords are easily compromised, putting your identity and the resources you access at risk. An OTP token allows you to generate and use One-Time Passwords (aka OTPs) each time you log into your organization’s resources. As the name implies, an OTP can be used only one time. Each time you log in, you use your OTP token to generate a unique OTP.

how does an OTP token protect me?

Password theft is a common method that thieves and hackers use to steal identities and gain unauthorized access to networks and resources. Success depends on the stolen password being valid, in the same way that credit card theft relies on the card being usable until it is reported as stolen. Discovering the compromise is almost impossible until damage has been done. Using an OTP token solves this problem, because once you have logged in using an OTP, that password is no longer valid. Any attempt to log in by reusing the OTP will fail, and it will alert your network security professionals to a possible attack on your identity.

what additional security features does my OTP token offer?

Depending on your organization’s policies:
- your OTP token may be protected against unauthorized use by a Security PIN (aka PIN) that is known only to you. As with a bank card, a thief needs not only access to your OTP token but also knowledge of your PIN. Do not share your PIN with others.
- this PIN may be token-side (stored on your device) or server-side (stored on the FI-MFA server).

what is the difference between a token code and an OTP?
The OTP value depends on the PIN protection of your OTP token:
- no PIN-protection: in the OTP application installed on your device, you can directly access your OTP token, and then generate token codes that will act as OTPs.
- token-side PIN-protection: in the OTP application installed on your device, you have to enter the PIN that protects your OTP token before generating token codes that will act as OTPs.
- server-side PIN-protection: in the OTP application installed on your device, you can directly access your OTP token, and then generate token codes. Depending on your organization’s policies, you need to enter your PIN either before or after the token code to form the OTP.

Server-side PIN protection is recommended because the PIN is not stored locally and can be reissued by your IT administrator in case of loss without reusing your OTP token too.

what are the characteristics of my OTP token?

The characteristics of your OTP token are defined by your organization and applied when your OTP token is initialized.

operation modes

Depending on your organization’s policies, your OTP token may use one of the following operation modes:
- challenge-response: the system that requires your authentication provides a challenge and waits for a response in return (asynchronous mode). Key the challenge into your OTP token to get a token code that you will use as the response. Please note that this mode is not supported by all systems that require a logon password.
- QUICKLog: it greatly simplifies your logon experience and strengthens security by eliminating the requirement to key a challenge into your OTP token to get a token code (synchronous mode). Moreover, it is supported by all systems that require a logon password.

synchronization methods

Synchronization is only relevant for QUICKLog operation mode.
Depending on your organization’s policies, your OTP token may use one of the following synchronization methods:
- event-based: the token code is generated each time you click the “Generate token code” button in the OTP application installed on your device.
- time-based: the token code changes at frequent intervals (token code lifetime depends on your organization’s policies).

For each logon, the server compares the token code you submitted with the expected token code. Occasionally you may generate a token code without using it, causing the token code to be “ahead” or out of synchronization with the server during the next logon. There is a secure mechanism through which the server and your OTP token can automatically resynchronize during logon.

Two OTP window types are managed by the server (window sizes depend on your organization’s policies):
- inner OTP window: a token code found inside this window will be accepted and the server is updated to adjust for your OTP token drift.
- outer OTP window: handles situations where the token code is not found in the inner OTP window. If a token code is found in this window, you’re prompted to provide the next token code in sequence to successfully authenticate.

If the token code is not found in the outer OTP window:
- the OTP is considered invalid.
- you have to resynchronize your token.

what is self-enrollment?

Self-enrollment is a simple process during which you activate your OTP token. During the process, you may be required to enter or create a PIN. When you complete the self-enrollment process, you will be able to use your OTP token to generate token codes for login.

how do I self-enroll my OTP token?

The self-enrollment process begins when you receive your “self-enrollment” email notification. The email contains instructions and your enrollment URL.

how long will my OTP token continue to operate?

Your OTP token will be able to generate OTPs until it is revoked by your IT administrator.
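
The inner and outer OTP windows described under “synchronization methods” above, worked through for an event-based token. This is an added example, not part of the Orange guide or the FI-MFA server. It assumes token codes are RFC 4226 HOTP values (the guide does not name the algorithm); the window sizes, the class name and the result strings are constructed for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Token code for one counter value (RFC 4226 HOTP, an assumed algorithm)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class ServerTokenState:
    """Server-side record for one event-based token (hypothetical class)."""

    def __init__(self, secret: bytes, inner: int = 3, outer: int = 7):
        self.secret = secret
        self.counter = 0        # next counter value the server expects
        self.inner = inner      # look-ahead that is accepted outright
        self.outer = outer      # total look-ahead, inner window included
        self.pending = None     # counter matched in the outer window, if any

    def _matches(self, counter: int, code: str) -> bool:
        # Constant-time comparison, so timing does not reveal partial matches.
        expected = hotp(self.secret, counter).encode()
        return hmac.compare_digest(expected, code.encode())

    def verify(self, code: str) -> str:
        # Second step of an outer-window logon: only the next code in
        # sequence is acceptable, and a wrong one cancels the attempt.
        if self.pending is not None:
            expected, self.pending = self.pending + 1, None
            if self._matches(expected, code):
                self.counter = expected + 1
                return "accepted"
            return "rejected"

        # Inner window: accept and move the server counter past the drift.
        for c in range(self.counter, self.counter + self.inner):
            if self._matches(c, code):
                self.counter = c + 1
                return "accepted"

        # Outer window: a match here is not enough on its own.
        for c in range(self.counter + self.inner, self.counter + self.outer):
            if self._matches(c, code):
                self.pending = c
                return "next_code_required"

        # Outside both windows: invalid, the token must be resynchronized.
        return "rejected"


if __name__ == "__main__":
    secret = b"12345678901234567890"   # constructed demo secret (RFC 4226 test key)
    server = ServerTokenState(secret)
    steps = [("two unused codes generated", 2), ("same code reused", 2),
             ("token five codes ahead", 8), ("next code in sequence", 9)]
    for label, token_counter in steps:
        print(f"{label}: {server.verify(hotp(secret, token_counter))}")
```

Because the server counter always moves past an accepted code, a reused OTP falls behind both windows and is rejected, which is the one-time property the overview describes.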
what if I have not received the “self-enrollment” email notification?

If you have not received a “self-enrollment” email notification, please contact your IT administrator to arrange for a new email to be sent to you.

what is the Self-Service Portal?

The Self-Service Portal is a Web site created to empower you to perform simple authentication management functions (the range of available functions depends on your organization’s policies) and, in the process, reduce the workload of, and your reliance on, the help desk. The “self-enrollment” email notification contains the URL to access your Self-Service Portal.

why can’t I log on using my OTP token?

There may be several causes of a failed login.

I entered an incorrect OTP

This is the most common cause. To avoid this, ensure that:
- “Caps lock mode” is disabled on your keyboard.
- you enter the right characters and keystrokes.
- your OTP is correctly formed (in accordance with the PIN protection type of your OTP token).

my user account is locked

You exceeded the maximum number of consecutive failed logon attempts. You must wait the amount of time defined by your organization before your user account will unlock.

my OTP token is out of synchronization

There is no simple way on your side to check whether your OTP token is out of synchronization. If in doubt, you can resynchronize it from your Self-Service Portal (if the function is available) before contacting your IT administrator.

my OTP token has been suspended or revoked

Please contact your IT administrator.

what are my responsibilities?

Using your OTP token provides strong security, and simplifies your work efforts by reducing or eliminating the need to remember or periodically change passwords. As an additional measure, Orange recommends that you observe the following tips to ensure the highest level of security.

where should I store my OTP token?
You should keep your token separate from your computer. Do not leave it on your desk, or with your computer bag. Treat it as you would your wallet, purse, or credit cards, and keep it with you at all times.

what if I forget my OTP token?

Your OTP token is a primary security device designed to protect you and the resources you access. Keep it with your car keys or purse or other valuable items that you use on a regular basis to minimize the potential to forget it. If you do forget your OTP token, contact your IT administrator.

what if I lose my OTP token?

If you lose your token, report it immediately to your IT administrator: he will take the necessary actions to ensure the lost token does not present a security risk. Depending on your organization’s policies, he will provide you with a temporary alternative for logging into the network until you receive a replacement token.

how should I protect my PIN?

If you have a PIN, protect it just as you would the PIN for your bank or credit card. Never share it with anybody, including people you trust. This includes your colleagues and systems administrators at your company and personnel who are, or claim to be, representatives of Orange or a Partner of Orange. You should be extremely suspicious of anyone who ever tells you that they need to know your PIN, and you should report any such incident to your IT administrator immediately. Never write down your PIN.

how can I change my PIN?

If you wish to change your PIN, or if you are concerned that it has been compromised, use the “Reset PIN” function of your Self-Service Portal, or contact your IT administrator if this function was not enabled by your organization’s policies.

what if I forget my PIN?

If you forget your PIN, use the “Send sign-in password by e-mail/SMS” function of your Self-Service Portal or contact your IT administrator if this function was not enabled by your organization’s policies.
MobilePASS for Windows Desktop

introduction

MobilePASS for Windows Desktop users can generate OTPs directly on their Windows Desktop, and use them to authenticate to FI-MFA-protected applications and resources.

terminologies

In this section:
- MobilePASS token: refers to any MobilePASS OTP software token provided by FI-MFA.
- Passcode: replaces the “token code” term.
- MobilePASS application: refers to the OTP application you have to install on your Windows Desktop before managing your MobilePASS tokens.

supported platforms

The MobilePASS application works with Windows XP, Windows Vista, Windows 7 and Windows 8/8.1.

enrolling MobilePASS token for Windows Desktop

Step 1: you have or will receive a “Self-enrollment” email notification. Open it, click the self-enrollment Web site link (beginning with https://se.safenet-inc.com/...), and then switch to your Web browser to start the self-enrollment process.

If the MobilePASS application is already installed on your Desktop, ignore the steps for downloading and installing it, and then go to step 4.

Step 2: click the “Download MobilePASS Installer (.msi)” link. The “.msi” file corresponding to your system (32 or 64 bits) is automatically proposed for download. Click the “Save” button, and then if necessary the “Browse” button to select a different destination folder.

Step 3: once the download has finished, double-click the “.msi” file name to launch the “InstallShield Wizard”. Click the “Next” button, read the license agreement carefully, select the “I accept the terms in the license agreement” option, and then click the “Next” button. If necessary click the “Change…” button to select a different destination folder, click the “Next” button, and then click the “Install” button.
On completion of the installation process, click the “Finish” button to leave the “InstallShield Wizard”, and then switch to your Web browser.

Step 4: click the “Enroll your MobilePASS token” link, and then switch to the newly opened “Launch Application” window.

Step 5: select the “MobilePASS” option, click the “OK” button, and then switch to the newly launched MobilePASS application.

Step 6: enter the new token name and click the “Activate” button. The activation string is automatically pasted, and the Automatic Enrollment process begins.

If your MobilePASS token is PIN-protected, enter your PIN, click the “Continue” button, re-enter the PIN when prompted for verification purposes, and then click the “Continue” button. If successful, the following page is displayed:

Step 7: switch to your Web browser to close it. Your MobilePASS token is now active and able to generate OTPs.

authenticating with a MobilePASS token

“QUICKLog” operation mode

You have the ability to authenticate with your MobilePASS token against any systems that require a logon password (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Click the “Sign In” button, and then the “Sign in using your token” button.

Step 2: double-click the icon in your Windows desktop to launch the MobilePASS application, and then select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN). Copy the generated passcode to the clipboard.
From the Self-Service Portal Web site, enter your User ID in the “User ID” field, paste the passcode from the clipboard in the “OTP” field (depending on your organization’s policies, you may need to enter your PIN either before or after the passcode), and then click the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

“challenge-response” operation mode

You have the ability to authenticate with your MobilePASS token only against systems that support “challenge-response” operation mode (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Click the “Sign In” button, the “Sign in using your token” button, enter your User ID in the “User ID” field, click the “OK” button without entering any value in the “OTP” field, and then copy the displayed challenge to the clipboard.

Step 2: double-click the icon in your Windows desktop to launch the MobilePASS application, and then select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN). Paste the challenge code from the clipboard in the “Challenge Code” field, click the “Generate Passcode” button, and then copy the generated passcode to the clipboard.

From the Self-Service Portal Web site, paste the passcode from the clipboard in the “OTP” field, and then click the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.
MobilePASS application features

Double-click the icon in your Windows desktop to launch the MobilePASS application.

viewing MobilePASS application information

From the homepage, click the icon to display the MobilePASS application information.

viewing MobilePASS token information

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), and then click the icon to display the MobilePASS token information.

renaming a MobilePASS token

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), and then click the icon. Enter the new token name, and then click the “Continue” button.

resetting a MobilePass token PIN (token-side only)

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), and then click the icon. Enter your current PIN, click the “Continue” button, enter your new PIN, click the “Continue” button, re-enter the new PIN when prompted for verification purposes, and then click the “Continue” button.

deleting a MobilePass token

This option should only be used on instruction from your IT administrator.

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), and then click the icon. Click the “Delete” button to confirm.

updating the MobilePASS application

This option should only be used on instruction from your IT administrator.

uninstalling the MobilePASS application

This option should only be used on instruction from your IT administrator.

Follow the Windows standard process to uninstall the MobilePASS application.

Self-Service Portal features

Refer to the “FI-MFA Service Portal for MobilePASS” chapter.
MobilePASS for iOS

introduction

MobilePASS iOS users can generate OTPs directly on their iOS devices, and use them to authenticate to FI-MFA-protected applications and resources.

terminologies

In this section:
- MobilePASS token: refers to any MobilePASS OTP software token provided by FI-MFA.
- Passcode: replaces the “token code” term.
- MobilePASS application: refers to the OTP application you have to install on your iOS device before managing your MobilePASS tokens.

supported platforms

Web browser: Safari

enrolling MobilePASS token for iOS

Step 1: you have or will receive a “Self-enrollment” email notification. Open it, tap the self-enrollment Web site link (beginning with https://se.safenet-inc.com/...), and then switch to your Web browser to start the self-enrollment process.

If the MobilePASS application is already installed on your iOS device, ignore the steps for downloading and installing it, and then go to step 4.

Step 2: tap the icon to download the MobilePASS application from the Apple App store.

Step 3: from the Apple App store, tap the icon. On completion of the installation process, leave the Apple App store, and then switch to your Web browser.

Step 4: tap the “Enroll your MobilePASS token” link, and then switch to the newly launched MobilePASS application.

Step 5: enter the new token name and tap the “Activate” button. The activation string is automatically pasted, and the Automatic Enrollment process begins.

If your MobilePASS token is PIN-protected, enter your PIN, and then re-enter it when prompted for verification purposes. If successful, the following screen is displayed:

Step 6: switch to your Web browser to close it. Your MobilePASS token is now active and able to generate OTPs.
authenticating with a MobilePASS token

“QUICKLog” operation mode

You have the ability to authenticate with your MobilePASS token against any systems that require a logon password (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, tap the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Tap the “Sign In” button, and then the “Sign in using your token” button.

Step 2: tap the icon in your iOS Gallery to launch the MobilePASS application, and then select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN). Copy the generated passcode to the clipboard.

From the Self-Service Portal Web site, enter your User ID in the “User ID” field, paste the passcode from the clipboard in the “OTP” field (depending on your organization’s policies, you may need to enter your PIN either before or after the passcode), and then tap the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

“challenge-response” operation mode

You have the ability to authenticate with your MobilePASS token only against systems that support “challenge-response” operation mode (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, tap the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Tap the “Sign In” button, the “Sign in using your token” button, enter your User ID in the “User ID” field, tap the “OK” button without entering any value in the “OTP” field, and then copy the displayed challenge to the clipboard.
Step 2: tap the icon in your iOS Gallery to launch the MobilePASS application, and then select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN). Paste the challenge code from the clipboard in the “Challenge Code” field, and then copy the generated passcode to the clipboard.

From the Self-Service Portal Web site, paste the passcode from the clipboard in the “OTP” field, and then tap the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

MobilePASS application features

Tap the icon in your iOS Gallery to launch the MobilePASS application.

viewing MobilePASS application information

From the homepage, tap the icon to display the MobilePASS application information.

viewing MobilePASS token information

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), tap the icon to access the menu options, and then the “Token information” option to display the MobilePASS token information.

renaming a MobilePASS token

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), tap the icon to access the menu options, and then the “Change Token Name” option. Enter the new token name.

resetting a MobilePass token PIN (token-side only)

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), tap the icon to access the menu options, and then the “Change Token PIN” option. Enter your current PIN, then your new PIN, and then re-enter the new PIN when prompted for verification purposes.

deleting a MobilePass token

This option should only be used on instruction from your IT administrator.
Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), tap the icon to access the menu options, and then the “Delete Token” option. Tap the “Delete” button to confirm.

updating the MobilePASS application

Updates are automatically managed by the Apple App store.

uninstalling the MobilePASS application

This option should only be used on instruction from your IT administrator.

Follow the iOS standard process to uninstall the MobilePASS application.

Self-Service Portal features

Refer to the “FI-MFA Service Portal for MobilePASS” chapter.

MobilePASS for Android

introduction

MobilePASS Android users can generate OTPs directly on their Android devices, and use them to authenticate to FI-MFA-protected applications and resources.

terminologies

In this section:
- MobilePASS token: refers to any MobilePASS OTP software token provided by FI-MFA.
- Passcode: replaces the “token code” term.
- MobilePASS application: refers to the OTP application you have to install on your Android device before managing your MobilePASS tokens.

supported platforms

Web browsers: native, Chrome, Firefox, Opera, Skyfire, and Dolphin.

enrolling MobilePASS token for Android

Step 1: you have or will receive a “Self-enrollment” email notification. Open it, tap the self-enrollment Web site link (beginning with https://se.safenet-inc.com/...), and then switch to your Web browser to start the self-enrollment process.

If the MobilePASS application is already installed on your Android device, ignore the steps for downloading and installing it, and then go to step 4.

Step 2: tap the icon to download the MobilePASS application from the Google Play store.

Step 3: from the Google Play store, tap the “INSTALL” button, and then the “ACCEPT” button.
On completion of the installation process, leave the Google Play store, and then switch to your Web browser.

Step 4: tap the “Enroll your MobilePASS token” link, and then switch to the newly launched MobilePASS application.

Step 5: enter the new token name and tap the “Activate” button. The activation string is automatically pasted, and the Automatic Enrollment process begins.

If your MobilePASS token is PIN-protected, tap the “Continue” button, you are required to re-enter it for verification purposes, and then tap the “Continue” button. If successful, the following screen is displayed:

Step 6: switch to your Web browser to close it. Your MobilePASS token is now active and able to generate OTPs.

authenticating with a MobilePASS Token

“QUICKLog” operation mode

You have the ability to authenticate with your MobilePASS token against any systems that require a logon password (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, tap the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Tap the “Sign In” button, and then the “Sign in using your token” button.

Step 2: tap the icon in your Android Gallery to launch the MobilePASS application, and then select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN). Press the generated passcode until the “Copy Passcode” button is displayed, and then tap it to copy the passcode to the clipboard.

From the Self-Service Portal Web site, enter your User ID in the “User ID” field, paste the passcode from the clipboard in the “OTP” field (depending on your organization’s policies, you may need to enter your PIN either before or after the passcode), and then tap the “OK” button.
Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

“challenge-response” operation mode

You have the ability to authenticate with your MobilePASS token only against systems that support “challenge-response” operation mode (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, tap the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Tap the “Sign In” button, the “Sign in using your token” button, enter your User ID in the “User ID” field, tap the “OK” button without entering any value in the “OTP” field, and then copy the displayed challenge to the clipboard.

Step 2: tap the icon in your Android Gallery to launch the MobilePASS application, and then select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN). Paste the challenge code from the clipboard in the “Challenge Code” field, tap the “Generate Passcode” button, press the generated passcode until the “Copy Passcode” button is displayed, and then tap it to copy the passcode to the clipboard.

From the Self-Service Portal Web site, paste the passcode from the clipboard in the “OTP” field, and then tap the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

MobilePASS application features

Tap the icon in your Android Gallery to launch the MobilePASS application.

viewing MobilePASS application information

From the homepage, tap the icon to display the MobilePASS application information.
viewing MobilePASS token information

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), press the standard “Menu” button on your Android device, and then tap the icon to display the MobilePASS token information.

renaming a MobilePASS token

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), press the standard “Menu” button on your Android device, and then tap the icon. Enter the new token name, and then tap the “Continue” button.

resetting a MobilePass token PIN (token-side only)

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), press the standard “Menu” button on your Android device, and then tap the icon. Enter your current PIN, tap the “Continue” button, enter your new PIN, tap the “Continue” button, re-enter the new PIN when prompted for verification purposes, and then tap the “Continue” button.

deleting a MobilePass token

This option should only be used on instruction from your IT administrator.

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), and then tap the icon. Tap the “Delete” button to confirm.

updating the MobilePASS application

Updates are automatically managed by the Google Play store.

uninstalling the MobilePASS application

This option should only be used on instruction from your IT administrator.

Follow the Android standard process to uninstall the MobilePASS application.

Self-Service Portal features

Refer to the “FI-MFA Service Portal for MobilePASS” chapter.

MobilePASS for BlackBerry

introduction

MobilePASS for BlackBerry users can generate OTPs directly on their BlackBerry devices, and use them to authenticate to FI-MFA-protected applications and resources.
terminologies

In this section:
- MobilePASS token: refers to any MobilePASS OTP software token provided by FI-MFA.
- Passcode: replaces the “token code” term.
- MobilePASS application: refers to the OTP application you have to install on your Windows Desktop before managing your MobilePASS tokens.

supported platforms

The MobilePASS application works with BlackBerry OS version 4.6 and higher.

Web browser: Opera Mini, Bolt, UC, and Uzard Web.

installing MobilePASS application

MobilePASS for BlackBerry allows users to automatically activate and enroll their software tokens over Wi-Fi and wireless networks using the MobilePASS application.

MobilePASS for BlackBerry software tokens can be deployed:
- Over-the-air
  - OTA via the SafeNet-hosted server
  - OTA via your own internally-hosted server (providing for version control)
- Via the BlackBerry Desktop Manager
  The BES policy configuration is not available when deploying with Desktop Manager.
- Via the BlackBerry Enterprise Server (BES) application push
  The Automatic Authentication feature is only available for BES deployments.

The MobilePASS application is available at http://www2.safenet-inc.com/sas/getmp.html. The zipped file includes folders for OTA, Desktop and BES packages.

The MobilePASS for BlackBerry zip consists of a combination of the following files:
- MobilePASS.cod
- MobilePASS.jad
- MobilePASS.alx

Files are combined based on how the software will be installed on the BlackBerry device. If installing OTA, the MobilePASS.cod file and the MobilePASS.jad file should be used. If installing via the Desktop Manager, the MobilePASS.cod file and the MobilePASS.alx file should be used.

To distribute MobilePASS for BlackBerry, do the following:
1. Determine how BlackBerry device users will download the MobilePASS application to their device.
2. Configure the appropriate files and/or policies if users will automatically enroll with the automatic authentication feature on or off with their tokens.
3. Post the appropriate files to a location where users can access them, and then inform your MobilePASS for BlackBerry users that the software is available for downloading and installing.

enrolling MobilePASS token for BlackBerry

Step 1: you have or will receive a “Self-enrollment” email notification. Open it, click the self-enrollment Web site link (beginning with https://se.safenet-inc.com/...), and then switch to your Web browser to start the self-enrollment process.

Step 2: copy the activation string, ensuring that you select the entire string. The last character “=” can be ignored during the copy operation.

Step 3: click the new token name and tap the “Activate” button. The activation string is automatically pasted, and the Automatic Enrollment process begins.

If your MobilePASS token is PIN-protected, enter your PIN, click the “Continue” button, re-enter the PIN when prompted for verification purposes, and then click the “Continue” button. If successful, the following screen is displayed:

Step 4: switch to your Web browser to close it. Your MobilePASS token is now active and able to generate OTPs.

authenticating with a MobilePASS token

“QuickLog” operation mode

You have the ability to authenticate with your MobilePASS token against any systems that require a logon password (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Click the “Sign In” button, and then the “Sign in using your token” button.
Step 2: click the icon visible on your BlackBerry device to launch the MobilePASS application, and then select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN). Copy the generated passcode to the clipboard.

From the Self-Service Portal Web site, enter your User ID in the “User ID” field, paste the passcode from the clipboard in the “OTP” field (depending on your organization’s policies, you may need to enter your PIN either before or after the passcode), and then click the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

“challenge-response” operation mode

You have the ability to authenticate with your MobilePASS token only against systems that support “challenge-response” operation mode (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Click the “Sign In” button, the “Sign in using your token” button, enter your User ID in the “User ID” field, click the “OK” button without entering any value in the “OTP” field, and then copy the displayed challenge to the clipboard.

Step 2: click the icon visible on your BlackBerry device to launch the MobilePASS application, and then select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN). Paste the challenge code from the clipboard in the “Challenge Code” field, click the “Generate Passcode” button, and then copy the generated passcode to the clipboard.

From the Self-Service Portal Web site, paste the passcode from the clipboard in the “OTP” field, and then click the “OK” button.
Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

MobilePASS application features

Click the icon visible on your BlackBerry device to launch the MobilePASS application.

viewing MobilePASS application information

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), and then the “Token Information” option from the menu to display the MobilePASS application information.

viewing MobilePASS token information

Follow the same instructions as the MobilePASS application information.

renaming a MobilePASS token

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), and then the “Change Token Name” option from the menu. Enter the new token name, and then tap the “Continue” button.

resetting a MobilePass token PIN (token-side only)

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), and then the “Change Token PIN” option from the menu. Enter your current PIN, click the “Continue” button, enter your new PIN, click the “Continue” button, re-enter the new PIN when prompted for verification purposes, and then click the “Continue” button.

deleting a MobilePass token

This option should only be used on instruction from your IT administrator.

Select your MobilePASS token (depending on your organization’s policies, you may need to enter your PIN), and then the “Delete Token” option from the menu. Click the “Delete” button to confirm.

updating the MobilePASS application

This option should only be used on instruction from your IT administrator.

uninstalling the MobilePASS application

This option should only be used on instruction from your IT administrator.
Self-Service Portal features

Refer to the “FI-MFA Service Portal for MobilePASS” chapter.

Self-Service Portal for MobilePASS

accessing the Self-Service Portal Web site

Open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage.

resynchronizing a MobilePASS token

Step 1: from the Self-Service Portal homepage, click the “Resync Token” icon, enter your User ID in the “User ID” field, click the “Next” button, enter the serial number of your MobilePASS token in the “Serial” field (refer to the “viewing MobilePASS token information” chapter to retrieve the serial number), and then click the “Next” button.

Step 2: select your MobilePASS token from your OTP application and generate the first token code.

Step 3: enter this token code in the “First Token Code” field.

Step 4: generate the second token code.

Step 5: enter this token code in the “Second Token Code” field, and then click the “OK” button.

Step 6: in case of success, the “Token successfully synchronized.” message is displayed. You can close your Web browser.

resetting a MobilePass token PIN (server-side only)

Step 1: from the Self-Service Portal homepage, click the “Reset PIN” button, the “Sign in using your token” button, and then authenticate against your Self-Service Portal. In case of success, the “Create New PIN” page is displayed.

Step 2: enter your new PIN, re-enter it when prompted for verification purposes, and then click the “OK” button.

Step 3: in case of success, the “Your Security PIN has been successfully reset.” message is displayed. Click the “Sign-out” button before closing your Web browser.
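Why the “resynchronizing a MobilePASS token” procedure above asks for two consecutive token codes, shown as an added example that is not part of the original guide or of the MobilePASS product. It assumes an event-based HOTP token (RFC 4226), which the guide does not state; the class names, window sizes and the secret (the RFC 4226 test secret) are constructed for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value for one counter (RFC 4226, HMAC-SHA-1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SoftToken:
    """Hypothetical client side: every generated code advances the counter."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def next_code(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class TokenRecord:
    """Hypothetical server-side record for one enrolled token."""

    def __init__(self, secret: bytes, look_ahead: int = 3, resync_window: int = 100):
        self.secret = secret
        self.counter = 0                  # next counter the server expects
        self.look_ahead = look_ahead      # small window used for normal logins
        self.resync_window = resync_window  # wide window used only for resync

    def verify(self, otp: str) -> bool:
        """Normal login: accept a code at most look_ahead steps ahead."""
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), otp):
                self.counter = c + 1      # codes at or below c are now spent
                return True
        return False

    def resync(self, first: str, second: str) -> bool:
        """Resync: search a wide window, but only accept two codes in a row.

        A single 6-digit code checked against 100 counters would match by
        chance far too often; demanding the next code as well makes the
        wide search safe.
        """
        for c in range(self.counter, self.counter + self.resync_window):
            if (hmac.compare_digest(hotp(self.secret, c), first)
                    and hmac.compare_digest(hotp(self.secret, c + 1), second)):
                self.counter = c + 2
                return True
        return False


def demo() -> dict:
    secret = b"12345678901234567890"      # constructed: RFC 4226 test secret
    token, server = SoftToken(secret), TokenRecord(secret)
    out = {}

    out["normal_login"] = server.verify(token.next_code())

    # The user generates five codes without logging in: the token runs ahead.
    for _ in range(5):
        token.next_code()
    out["login_after_drift"] = server.verify(token.next_code())

    # Self-Service Portal resync: first and second token code, in order.
    first, second = token.next_code(), token.next_code()
    out["resync"] = server.resync(first, second)
    out["login_after_resync"] = server.verify(token.next_code())
    out["server_counter"] = server.counter
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step}: {result}")
```
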
sending temporary sign-in password by e-mail/SMS

This temporary sign-in password is valid for 10 minutes, and only for authentication against the Self-Service Portal (useful to reset a forgotten PIN).

Step 1: from the Self-Service Portal homepage, click the “Sign In” button, then the “Send Sign in password by e-mail” or “Send Sign in password by SMS” button, enter your User ID, and then click the “Send” button.

Step 2: you have or will receive a “Self-service Temporary Sign In Password” email notification or SMS including your temporary sign-in password.

Step 3: from the Self-Service Portal homepage, click the “Sign In” button, the “Sign in using your token” button, and then authenticate using your temporary sign-in password as OTP.

MP for Windows Desktop

introduction

MP (aka Multi-Platform) for Windows Desktop users can generate OTPs directly on their Windows Desktop, and use them to authenticate to FI-MFA-protected applications and resources.

terminologies

In this section:
- MP token: refers to any MP OTP software token provided by FI-MFA.
- Token application: refers to the OTP application you have to install on your Windows Desktop before managing your MP tokens.

An additional application called Token Manager offers some MP token management features. Both the Token and Token Manager applications are installed by a third one called Software Tools.

supported platforms

The MP application works with Windows XP, Windows Vista, Windows 7 and Windows 8/8.1.

enrolling MP token for Windows Desktop

optimizing Internet Explorer Web browser

If you are using Internet Explorer to enroll your MP token, the following optimization instructions will allow some enrollment steps to be automated in a transparent manner.
Open your Internet Explorer Web browser, select the “Tools” > “Internet Options” menu option from the command bar, the “Security” tab, the “Trusted Sites” zone, click the “Sites” button, enter the https://se.safenet-inc.com URL, and then click the “Add” button.

The Self-enrollment Web site is now a member of the “Trusted sites” security zone of your Internet Explorer Web browser.

starting enrollment process

Step 1: you have or will receive a “Self-enrollment” email notification. Open it, click the self-enrollment Web site link (beginning with https://se.safenet-inc.com/...), and then switch to your Web browser to start the self-enrollment process.

Step 2: select the “Install Locally” option, and then click “Next”.

If the MP application is already installed on your Desktop, ignore the steps for downloading and installing it, and go to step 4. In addition, if you’re using an optimized Internet Explorer Web browser, the steps for downloading, installing and activating the MP token file are automated in a transparent manner: go to step 7.

Click the “Download Software Tools” link. The “.msi” file corresponding to your system (32 or 64 bits) is automatically proposed for download. Click the “Save” button, and then if necessary the “Browse” button to select a different destination folder.

Step 3: at the end of the download, double-click the “.msi” file name to launch the “InstallShield Wizard”. You must have administrator rights on your Windows Desktop to run the “InstallShield Wizard”.

Click the “Next” button, read the license agreement carefully, select the “I accept the terms in the license agreement” option, and then click the “Next” button.

If necessary click the “Change…” button to select a different destination folder, click the “Next” button, and then click the “Install” button.
On completion of the installation process, click the “Finish” button to close the “InstallShield Wizard”, switch to your Web browser and then click the “Next” button.

Step 4: click the “Download” button, and then click the “Next” button.

An alert message may be displayed by a non-optimized Internet Explorer Web browser: close it each time it appears.

Step 5: memorize the displayed PIN. Switch to the “Opening MP Token” pop-up window, select the “Open with BlackShield Token (default)” option, click the “OK” button, enter the PIN you memorized in the “PIN required” pop-up window, and then click the “OK” button.

Step 6: from the Token application, select the MP token you’re enrolling, click the “Generate Token Code” button. If your MP token is token-side PIN-protected and depending on your organization’s policies, you may be required to change the PIN on first use: enter your new PIN (you are required to re-enter it for verification purposes). Click the button to copy the token code to the clipboard.

From the self-enrollment Web site, paste the token code from the clipboard in the “OTP” field (depending on your organization’s policies, you may need to memorize and enter the displayed PIN either before or after the token code), and then click the “Next” button.

Step 7: if your MP token is server-side PIN-protected and depending on your organization’s policies, you may be required to change the PIN on first use: enter your new PIN (you are required to re-enter it for verification purposes), and then click the “Next” button.

If successful, the following page is displayed:

Step 7: memorize your User ID before closing your Web browser. Your MP token is now active and able to generate OTPs.
authenticating with a MP token

“QUICKLog” operation mode

You have the ability to authenticate with your MP token against any systems that require a logon password (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Click the “Sign In” button, and then the “Sign in using your token” button.

Step 2: click the icon in your Windows taskbar to launch the Token application, select your MP Token (depending on your organization’s policies, you may need to enter your PIN), and then click the “Generate Token Code” button.

Click the button to copy the generated token code to the clipboard.

From the Self-Service Portal Web site, enter your User ID in the “User ID” field, paste the passcode from the clipboard in the “OTP” field (depending on your organization’s policies, you may need to enter your PIN either before or after the passcode), and then click the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

“challenge-response” operation mode

You have the ability to authenticate with your MP token only against systems that support “challenge-response” operation mode (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage.
Click the “Sign In” button, the “Sign in using your token” button, enter your User ID in the “User ID” field, click the “OK” button without entering any value in the “OTP” field, and then copy the displayed challenge to the clipboard.

Step 2: click the icon in your Windows taskbar to launch the Token application, select your MP Token (depending on your organization’s policies, you may need to enter your PIN), paste the challenge code from the clipboard in the “Challenge” field, click the “OK” button, and then click the button to copy the generated token code to the clipboard.

From the Self-Service Portal Web site, paste the passcode from the clipboard in the “OTP” field, and then click the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

Token application features

Click the icon in your Windows taskbar to launch the Token application.

viewing Token application information

Click the “Help” toolbar option, and then the “About” menu option.

renaming a MP token

Select your MP token, click the “Tools” toolbar option, and then the “Rename Token” menu option. Enter the new token name, and then click the “OK” button.

resetting a MP token PIN (token-side only)

Select your MP token, click the “Tools” toolbar option, and then the “Change PIN” menu option. Enter your current PIN, your new PIN (you are required to re-enter it for verification purposes), and then click the “OK” button.

unlocking a MP token (token-side PIN)

Depending on your organization’s policies, your MP token can be unlocked without having to redeploy the MP token file to you.

Select your MP token, click the “Tools” toolbar option, and then the “Unlock Token” menu option. Send the “Unlock Challenge” value to your IT administrator.
Once your identity has been verified (to be certain that the person in possession of the MP token is the rightful owner), your IT administrator will send a “Server Response” Code to you. Enter it in the “Server Response” field and then click the “OK” button.

Enter your new PIN (you are required to re-enter it for verification purposes), and then click the “OK” button in the “Change PIN” pop-up window.

updating the Token application

As part of the SAS Software Tools application, the Token application can’t be updated separately. This option should only be used on instruction from your IT administrator.

uninstalling the Token application

As part of the SAS Software Tools application, the Token application can’t be uninstalled separately. This option should only be used on instruction from your IT administrator. Follow the Windows standard process to uninstall the SAS Software Tools application.

Token Manager application features

Click the button in the Control Panel of your Windows Desktop to launch the Token Manager application.

viewing MP token information

Select your MP token, and then click the “Token Information” button (or click the “Options” toolbar option, and then the “Token Info” menu option).

deleting a MP token

This option should only be used on instruction from your IT administrator. Select your MP token, and then click the “Remove Token” button (or click the “File” toolbar option, and then the “Remove Token” menu option). Click the “Yes” button to confirm in the “Remove Token” pop-up window.

updating/uninstalling the Token application

As part of the SAS Software Tools application, the Token application can’t be updated/uninstalled separately. This option should only be used on instruction from your IT administrator.

Self-Service Portal features

Refer to the “FI-MFA Service Portal for MP” chapter (click here for direct access).
MP for Mac OS X

introduction

MP (aka Multi-Platform) for Mac OS X users can generate OTPs directly on their Mac computer, and use them to authenticate to FI-MFA-protected applications and resources.

terminologies

In this section:

MP token: refers to any MP OTP software token provided by FI-MFA.

OTP: replaces the “token code” term.

MP-1 application: refers to the OTP application you have to install on your Mac computer before managing your MP tokens.

supported platforms

The MP application works with Mac OS X v10.7 Lion, and OS X v10.8 Mountain Lion.

Web browser: Safari

enrolling MP token for Mac OS X

Step 1: you have or will receive a “Self-enrollment” email notification. Open it, click the self-enrollment Web site link (beginning with https://se.safenet-inc.com/...), and then switch to your Web browser to start the self-enrollment process.

Step 2: select the “Mac OS X Lion” option, and then click the “Next” button. Switch to your mailbox after reading the instructions.

If the MP-1 application is already installed on your Mac computer, ignore the steps for downloading and installing it, and go to step 5.

Step 3: you have or will receive a “Token Installation for Mac OS X” email notification. Open it, and then click the “https://se.safenet-inc.com/selfEnrollment/MP-1.pkg” link (Step 1 in the email) to start downloading the MP-1 Application.

Step 4: at the end of the download, click the down arrow in the upper right corner of your Safari browser to display the downloads, and then click the “MP-1.pkg” file to launch the “MP1 Installer”.

Click the “Continue” button twice, the “Read License” button, read the “software license agreement” carefully, and then click the “Agree” button.
Select the Disk where you want to install the MP-1 Application, click the “Continue” button, if necessary click the “Change Install Location…” button to select a different installation type, and then click the “Install” button.

On completion of the installation process, click the “Close” button. Switch to the “Token Installation for Mac OS X” email.

Step 5: copy the MP Token Import Code (by highlighting the text to include the first and last characters, up to and including the trailing BSID characters at the end of the code).

Step 6: click the icon in the Dock to launch the MP-1 application.

Step 7: click the “+” button, the “Paste” button (to paste the MP Token Import Code), and then the “Continue” button (to import the MP token).

Memorize the displayed PIN and then click the “Continue” button. If your MP token is token-side PIN-protected, you may be required to change the PIN on first use: enter the PIN you memorized, your new PIN (you are required to re-enter it for verification purposes) and then click the “Continue” button.

Step 8: your MP token is now active and able to generate OTPs (MP token indicator is green).

Switch to your Web browser and close it.

authenticating with a MP token

“QUICKLog” operation mode

You have the ability to authenticate with your MP token against any systems that require a logon password (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Click the “Sign In” button, and then the “Sign in using your token” button.
Step 2: click the icon in the Dock to launch the MP-1 application, and then select your MP Token (depending on your organization’s policies, you may need to enter your PIN). Click the “Copy” button to copy the generated OTP to the clipboard.

From the Self-Service Portal Web site, enter your User ID in the “User ID” field, paste the OTP from the clipboard in the “OTP” field (depending on your organization’s policies, you may need to enter your PIN either before or after the OTP), and then click the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

“challenge-response” operation mode

You have the ability to authenticate with your MP token only against systems that support “challenge-response” operation mode (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Click the “Sign In” button, the “Sign in using your token” button, enter your User ID in the “User ID” field, click the “OK” button without entering any value in the “OTP” field, and then copy the displayed challenge to the clipboard.

Step 2: click the icon in the Dock to launch the MP-1 application, and then select your MP Token (depending on your organization’s policies, you may need to enter your PIN), paste the challenge from the clipboard to the “Challenge Code” field, click the “Continue” button, and then the “Copy” button to copy the generated OTP to the clipboard.

From the Self-Service Portal Web site, paste the passcode from the clipboard in the “OTP” field, and then click the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.
MP-1 application features

Click the icon in the Dock to launch the MP-1 application.

viewing MP-1 application information

Click the “MP-1.app” entry in the “Applications” directory.

viewing MP token information

The serial number displayed under your MP token name is the only MP token information available.

renaming a MP token

Select your MP token, click the “Continue” button, the “Settings” gear, and then the “Rename” menu option (depending on your organization’s policies, you may need to enter your PIN). Enter the new token name and then click the “Continue” button.

resetting a MP token PIN (token-side only)

Select your MP token, click the “Continue” button, the “Settings” gear, and then the “Change PIN” menu option. Enter your current PIN, your new PIN (you are required to re-enter it for verification purposes), and then click the “Continue” button.

deleting a MP token

This option should only be used on instruction from your IT administrator. Select your MP token, click the “-” button, check the “Remove Token” box and then click the “Continue” button.

updating the MP-1 application

This option should only be used on instruction from your IT administrator.

uninstalling the MP-1 application

This option should only be used on instruction from your IT administrator. Follow the Mac OS X standard process to uninstall the MP-1 application.

Self-Service Portal features

Refer to the “FI-MFA Service Portal for MP” chapter (click here for direct access).

MP for iOS

introduction

MP (aka Multi-Platform) iOS users can generate OTPs directly on their iOS devices, and use them to authenticate to FI-MFA-protected applications and resources.

terminologies

In this section:

MP token: refers to any MP OTP software token provided by FI-MFA.

OTP: replaces the “token code” term.
MP-1 application: refers to the OTP application you have to install on your iOS device before managing your MP tokens.

supported platforms

Web browser: Safari

enrolling MP token for iOS

Step 1: you have or will receive a “Self-enrollment” email notification. Open it, tap the self-enrollment Web site link (beginning with https://se.safenet-inc.com/...), and then switch to your Web browser to start the self-enrollment process.

Step 2: select the “iPhone” option, and then click the “Next” button. Switch to your mailbox after reading the instructions.

If the MP-1 application is already installed on your iOS device, ignore the steps for downloading and installing it, and go to step 5.

Step 3: you have or will receive a “Token Installation for Mac OS X” email notification. Open it, and then tap the icon (Step 1) to download the MP-1 Application.

Step 4: from the Apple App store, tap the “FREE” button, and then the “INSTALL APP” button. Switch to the “Over-The-Air (OTA) Installation” mail.

Step 5: tap the https://se.safenet-inc.com/... link (Step 2) and then switch to your Web browser to start the download of your MP token file (“.7mp” extension).

Step 6: tap the “Open in MP-1” button to install your MP token. If your MP token is token-side PIN-protected and depending on your organization’s policies, you may be required to change the PIN on first use: enter your new PIN, tap “Done”, re-enter it for verification purposes, and then tap “Done”.

If successful, the following screen is displayed:

Step 7: switch to your Web browser and close it. Your MP token is now active and able to generate OTPs.

authenticating with a MP token

“QUICKLog” operation mode

You have the ability to authenticate with your MP token against any systems that require a logon password (such as your Self-Service Portal described below).
Step 1: open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Tap the “Sign In” button, and then the “Sign in using your token” button.

Step 2: tap the icon in your iOS Gallery to launch the MP-1 application, and then select your MP Token (depending on your organization’s policies, you may need to enter your PIN). Copy the generated OTP to the clipboard.

From the Self-Service Portal Web site, enter your User ID in the “User ID” field, paste the passcode from the clipboard in the “OTP” field (depending on your organization’s policies, you may need to enter your PIN either before or after the passcode), and then tap the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

“challenge-response” operation mode

You have the ability to authenticate with your MP token only against systems that support “challenge-response” operation mode (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, tap the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Tap the “Sign In” button, the “Sign in using your token” button, enter your User ID in the “User ID” field, tap the “OK” button without entering any value in the “OTP” field, and then copy the displayed challenge to the clipboard.
Step 2: tap the icon in your iOS Gallery to launch the MP-1 application, and then select your MP Token (depending on your organization’s policies, you may need to enter your PIN), paste the challenge code from the clipboard in the “Challenge Code” field, tap the “Done” button, and then copy the generated OTP to the clipboard.

From the Self-Service Portal Web site, paste the passcode from the clipboard in the “OTP” field, and then tap the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

MP-1 application features

Tap the icon in your iOS Gallery to launch the MP-1 application.

viewing MP-1 application information

Tap the icon in the bottom right corner.

viewing MP token information

Edit your MP Token, and then tap the “Operation” tile.

renaming a MP token

Edit your MP Token, tap the “Rename Token” tile, enter your new token name, and then tap the “Done” button.

resetting a MP token PIN (token-side only)

Edit your MP Token, tap the “Change PIN” tile, enter your new PIN, tap the “Done” button, re-enter your new PIN (for verification purposes), and then tap the “Done” button again.

deleting a MP token

This option should only be used on instruction from your IT administrator. Tap the tile of the MP token you want to delete, the “Edit” button, the icon, the “Delete” button, and the “Delete Token” button to confirm.

updating the MP-1 application

Updates are automatically managed by the Apple App store.

uninstalling the MP-1 application

This option should only be used on instruction from your IT administrator. Follow the iOS standard process to uninstall the MP-1 application.

Self-Service Portal features

Refer to the “FI-MFA Service Portal for MP” chapter (click here for direct access).
MP for Android

introduction

MP (aka Multi-Platform) Android users can generate OTPs directly on their Android devices, and use them to authenticate to FI-MFA-protected applications and resources.

terminologies

In this section:

MP token: refers to any MP OTP software token provided by FI-MFA.

OTP: replaces the “token code” term.

MP-1 application: refers to the OTP application you have to install on your Android device before managing your MP tokens.

supported platforms

Web browser: native, Chrome, Firefox, Opera, Skyfire, and Dolphin.

enrolling MP token for Android

Step 1: you have or will receive a “Self-enrollment” email notification. Open it, tap the self-enrollment Web site link (beginning with https://se.safenet-inc.com/...), and then switch to your Web browser to start the self-enrollment process.

Step 2: select the “Android” option, and then click the “Next” button. Switch to your mailbox after reading the instructions.

If the MP-1 application is already installed on your Android device, ignore the steps for downloading and installing it, and go to step 5.

Step 3: you have or will receive an “Over-The-Air (OTA) Installation for Android Device” email notification. Open it, and then tap the icon (Step 1) to download the MP-1 Application.

Step 4: from the Google Play store, tap the “INSTALL” button, and the “ACCEPT” button (if App permissions are requested).

On completion of the installation process, close the Google Play store (without opening the MP-1 application). Switch to the “Over-The-Air (OTA) Installation” mail.

Step 5: select the code in the “step 2” section (by highlighting the text to include the first and last characters, up to and including the trailing BSID characters at the end of the code) and then copy it to the clipboard.
Step 6: tap the icon in your Android Gallery to launch the MP-1 application, the “Import” button (the “Token Import Code” was automatically pasted from the clipboard), the “Import” button again, and then the button to install your MP token. If your MP token is token-side PIN-protected and depending on your organization’s policies, you may be required to change the PIN on first use: enter your new PIN, tap “Done”, re-enter it for verification purposes, and then tap “Done”.

If successful, the following screen is displayed:

Step 7: switch to your Web browser and close it. Your MP token is now active and able to generate OTPs.

authenticating with a MP token

“QUICKLog” operation mode

You have the ability to authenticate with your MP token against any systems that require a logon password (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Tap the “Sign In” button, and then the “Sign in using your token” button.

Step 2: tap the icon in your Android Gallery to launch the MP-1 application, then select your MP Token (depending on your organization’s policies, you may need to enter your PIN). Copy the generated OTP to the clipboard.

From the Self-Service Portal Web site, enter your User ID in the “User ID” field, paste the passcode from the clipboard in the “OTP” field (depending on your organization’s policies, you may need to enter your PIN either before or after the passcode), and then tap the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.
“challenge-response” operation mode

You have the ability to authenticate with your MP token only against systems that support “challenge-response” operation mode (such as your Self-Service Portal described below).

Step 1: open the “Self-enrollment” email notification you previously received, tap the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage. Tap the “Sign In” button, the “Sign in using your token” button, enter your User ID in the “User ID” field, tap the “OK” button without entering any value in the “OTP” field, and then copy the displayed challenge to the clipboard.

Step 2: tap the icon in your Android Gallery to launch the MP-1 application, and then select your MP Token (depending on your organization’s policies, you may need to enter your PIN), paste the challenge code from the clipboard in the “Challenge Code” field, tap the “Done” button, and then copy the generated OTP to the clipboard.

From the Self-Service Portal Web site, paste the passcode from the clipboard in the “OTP” field, and then tap the “OK” button.

Step 3: if successful, the homepage of your Self-Service Portal is displayed again, but the “Sign In” button has been replaced by the “Sign Out” one.

MP-1 application features

Tap the icon in your Android Gallery to launch the MP-1 application.

viewing MP-1 application information

Tap the icon in the bottom right corner.

viewing MP token information

Edit your MP Token, and then tap the “Operation” tile.

renaming a MP token

Edit your MP Token, tap the “Rename Token” tile, enter your new token name, and then tap the “Done” button.
resetting a MP token PIN (token-side only)

Edit your MP Token, tap the “Change PIN” tile, enter your new PIN, tap the “Done” button, re-enter your new PIN (for verification purposes), and then tap the “Done” button again.

deleting a MP token

This option should only be used on instruction from your IT administrator. Tap the tile of the MP token you want to delete, the “Edit” button, the icon, the “Delete” button, and the “Delete Token” button to confirm.

updating the MP-1 application

Updates are automatically managed by the Google Play store.

uninstalling the MP-1 application

This option should only be used on instruction from your IT administrator. Follow the Android standard process to uninstall the MP-1 application.

Self-Service Portal features

Refer to the “FI-MFA Service Portal for MP” chapter (click here for direct access).

Self-Service Portal for MP

accessing the Self-Service Portal Web site

Open the “Self-enrollment” email notification you previously received, click the Self-Service Portal Web site link (beginning with https://ss.safenet-inc.com/...), and then switch to your Web browser to display the homepage.

resynchronizing a MP token

Step 1: from the Self-Service Portal homepage, click the “Resync Token” icon, enter your User ID in the “User ID” field, click the “Next” button, enter the serial number of your MP token in the “Serial” field (refer to the “viewing MP token information” chapter to retrieve the serial number), and then click the “Next” button.

Step 2: copy the displayed challenge to the clipboard.

Step 3: select your MP token from your OTP application, select the “Resync Token” option, paste the challenge code and generate the response code.

Step 4: enter this response code in the “Response” field, and then click the “OK” button.

Step 5: in case of success, the “Token successfully synchronized.” message is displayed. You can close your Web browser.
resetting a MP token PIN (server-side only)

Step 1: from the Self-Service Portal homepage, click the “Reset PIN” button, the “Sign in using your token” button, and then authenticate against your Self-Service Portal. In case of success, the “Create New PIN” page is displayed.

Step 2: enter your new PIN (you are required to re-enter it for verification purposes), and then click the “OK” button.

Step 3: in case of success, the “Your Security PIN has been successfully reset.” message is displayed. Click the “Sign-out” button before closing your Web browser.

sending temporary sign-in password by e-mail/SMS

This temporary sign-in password is valid for 10 minutes, only for authentication against the Self-Service Portal (useful to reset a forgotten PIN).

Step 1: from the Self-Service Portal homepage, click the “Sign In” button, the “Send Sign in password by e-mail” or “Send Sign in password by SMS” button, enter your User ID, and then click the “Send” button.

Step 2: you have or will receive a “Self-service Temporary Sign In Password” email notification or SMS including your temporary sign-in password.

Step 3: from the Self-Service Portal homepage, click the “Sign In” button, the “Sign in using your token” button, and then authenticate using your temporary sign-in password as OTP.