5.10 Sending an authentication code to activate a device
If the credential profile for a device has been configured for activation, and has the Activation Authentication option set to use an authentication code, once the device is ready for activation (that is, the Status is PendingActivation) you can send an authentication code to the person so they can activate their device.
For information on setting up a credential profile for activation, see the Activating cards section in the Administration Guide.
You can send an authentication code to the person through email or as an SMS message to their cell phone. You can also choose whether to send a short use authentication code for immediate use (which is valid for two minutes by default) or a long use authentication code (which is valid for 30 days by default).
5.10.1 Configuring authentication codes for activation
- Set the configuration options:
  - From the Configuration category, select Security Settings.
  - On the PINs tab, set the following:
    - Auth Code Lifetime for Immediate Use – set this to the number of seconds for which a short lifetime authentication code is valid. To set short lifetime authentication codes for no expiry, set this value to 0. The default is 120 seconds.
    - Auth code lifetime – set this to the number of seconds for which a long lifetime authentication code is valid. To set long lifetime authentication codes for no expiry, set this value to 0. The default is 720 hours.
  - Click Save changes.
- In the Edit Roles workflow, make sure the operator has the Send Auth Code for Activation option selected for their role.
- From the Configuration category, select Email Templates.
  The methods of delivery for the authentication code are determined by the enabled status of the following email templates:
  - Activation Code Email – used to send an authentication code in an email message to the person's configured email address. By default, this delivery method is enabled.
  - Activation Code SMS – used to send an authentication code in an SMS message to the person's configured cell phone number. By default, this delivery method is disabled.
  Make sure the delivery methods you want to use are enabled.
  Important: You can edit the content of the email templates, and enable or disable them, but do not change the Transport option, or the notifications will no longer work correctly.
- Set up an SMTP server.
  See the Setting up email section in the Advanced Configuration Guide for details.
- If you are using SMS to send the authentication codes, configure your system for SMS notifications:
  - From the Configuration category, select Operation Settings.
  - On the General tab, set the following:
    - SMS email notifications – set to Yes.
    - SMS gateway URL for notifications – set to the URL of your SMS gateway.
      By default, SMS messages are sent through an email-to-SMS gateway, in the format <cellnumber>@<gateway>, where:
      - <cellnumber> – the cell phone number from the person's record.
      - <gateway> – the URL from the SMS gateway URL for notifications option.
      For example: [email protected]
      If this is not suitable, you can customize the sp_CustomPrepareSMS stored procedure in the MyID database.
  - Click Save changes.
- Recycle the web service app pool:
  - On the MyID web server, in Internet Information Services (IIS) Manager, select Application Pools.
  - Right-click the myid.web.oauth2.pool application pool, then from the pop-up menu click Recycle.
  This ensures that the MyID Operator Client picks up the configuration changes.
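The default <cellnumber>@<gateway> addressing described in the SMS step above, as an added example that is not MyID code: a pre-flight check over exported person records that flags cell phone numbers which would not form a clean gateway address, so that authentication codes are not sent to a malformed recipient. The digits-only rule, the function names, the sample records and the gateway host sms.example.com are assumptions; match them to your SMS provider.

```python
import re

# Assumption: the gateway accepts a digits-only local part; adjust to your provider.
_DIGITS = re.compile(r"\d{7,15}")  # E.164 numbers have at most 15 digits
_HOST = re.compile(
    r"(?=.{1,253}$)([A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}"
)


def sms_gateway_address(cell_number, gateway):
    """Return '<cellnumber>@<gateway>' or raise ValueError if it would be malformed."""
    if not isinstance(cell_number, str) or not cell_number.strip():
        raise ValueError("no cell phone number on record")
    # Control characters (for example CR/LF) must never reach a recipient field.
    # Checked before normalisation, which would otherwise silently strip them.
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in cell_number + gateway):
        raise ValueError("control character in number or gateway")
    # Strip common human formatting: spaces, dots, dashes, parentheses, leading '+'.
    digits = re.sub(r"[\s().-]", "", cell_number.strip())
    if digits.startswith("+"):
        digits = digits[1:]
    if not _DIGITS.fullmatch(digits):
        raise ValueError("number is not 7-15 digits after normalisation")
    # The option is labelled a URL but is used as the domain part of the address.
    if not _HOST.fullmatch(gateway):
        raise ValueError("gateway is not a plain host name")
    return f"{digits}@{gateway}"


def audit(records, gateway):
    """Map each person to ('ok', address) or ('error', reason)."""
    results = {}
    for name, cell in records.items():
        try:
            results[name] = ("ok", sms_gateway_address(cell, gateway))
        except ValueError as exc:
            results[name] = ("error", str(exc))
    return results


# Constructed sample data (not from MyID); the gateway host is a placeholder.
SAMPLE = {
    "alice": "+44 7700 900123",
    "bob": "07700-900-456 ext 2",      # free text in the number field
    "carol": "",                        # no number on record
    "dave": "15550100\r\n15550199",     # stray line break from a bad import
}

if __name__ == "__main__":
    for person, outcome in audit(SAMPLE, "sms.example.com").items():
        print(person, *outcome)
```

Records reported as errors are the ones to correct before enabling the Activation Code SMS template for those people.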
5.10.2 Sending an authentication code
To send an authentication code for activation:
- Search for a device, and view its details.
  See section 5.1, Searching for a device.
  Alternatively, insert the device into a reader.
  See section 5.2, Reading a device.
  You can also view a device from any form that contains a link to the device.
  For example:
  - Click the item in the list on the DEVICES tab of the View Person form.
  - Click the link icon on the Device Serial Number field of the View Request form.
- Click the Send Auth Code option in the button bar at the bottom of the screen.
  You may have to click the ... option to see any additional available actions.
  The Send Auth Code option appears only if the device is in a suitable state for activation; that is, it has been issued with a credential profile configured to use authentication codes for activation, and is at a Status of PendingActivation. You must also make sure that you have the Send Auth Code for Activation option selected for your role in the Edit Roles workflow.
  Note: The Send Auth Code option may also appear if the card has been fully issued; in this case, it sends an unlock code rather than an authentication code. See section 5.11, Sending a code to unlock a device for details.
  The Send Activation Code screen appears.
- Type any Notes you want to store in the audit trail about the operation.
- From the Delivery Mechanism drop-down list, select how you want to send the code.
  You can choose from:
  - Activation Code Email – sends the code as an email to the person's configured email address. This option is available if the Activation Code Email template is enabled in the Email Templates workflow.
  - Activation Code SMS – sends the code as a text message to the person's configured cell phone number. This option is available if the Activation Code SMS template is enabled in the Email Templates workflow.
- From the Lifetime drop-down list, select how long you want the code to be valid.
  The options here are determined by the values saved in the Auth Code Lifetime for Immediate Use and Auth code lifetime configuration options; by default, the options are:
  - Expires 30 days from request – based on the default Auth code lifetime setting of 720 hours.
  - Expires 2 minutes from request – based on the default Auth Code Lifetime for Immediate Use setting of 120 seconds.
- Click Save.

MyID sends the authentication code to the person, who can then use it to activate their device.