AnsweredAssumed Answered

Unable to Change PIN code

Question asked by KENNITH FARNUM on Sep 15, 2016
Latest reply on Sep 15, 2016 by Erica Chalfin

Like • Show 0 Likes0
Comment • 1

I have a user who has windows 10 and have installed the Check point Capsule VPN, VPN configuration was completed successfully. This user is a first time user and the AM token policy is define for the user to generate the code.

However, the app does not allow connection if the PIN field is empty?

Is there a method to avoid this?

No one else has this question

Outcomes

1 Reply

Erica Chalfin Sep 15, 2016 3:54 PM
Mark Correct
Correct Answer
Kenneth,

Is your user authenticating with a hardware or software token?

Which of the following options does your token policy use?
- For a hardware or software token, is the PIN followed by tokencode (fob-style), where the PIN is entered followed by the tokencode; or
- For a hardware or software token is a PIN not required so the user enters just the tokencode)?
- For a software token, is the PIN integrated with tokencode (called PIN pad-style), where the PIN is incorporated into the token code to create the passcode;
For hardware tokens or software token in New PIN Mode that use the PIN followed by tokencode option
1. Have the user launch the Checkpoint VPN interface.
2. When prompted, enter the digits they see on the hardware token, for example 098765.
3. The Authentication Manager server knows this token is in New PIN Mode and will send a prompt to the user to create a PIN.
4. The user creates a PIN (for example, 1234) and supplies it to the Authentication Manager server. The PIN is cached in the Authentication Manager database.
5. The server verifies that the tokencode sent is the correct one for what we call the perfect minute. If it is, the authentication is successful. If not, the server will prompt the user to wait until the tokencode rolls to the next one and then enter the new number series.
6. To verify the PIN and the tokencode, another prompt will be sent to the user, asking them to wait until the tokencode changes on the fob (let's say it changes to 567890). Once the tokencode changes, key in the PIN followed by the tokencode (1234567890). The token is now out of New PIN Mode.
7. The next time the user launches the Checkpoint VPN interface, they enter the passcode; that is, the PIN + tokencode (1234 followed by the tokencode on the display).
For hardware or software tokens where no PIN is required
1. The user launches the Checkpoint interface and the RSA SecurID software token app, if applicable.
2. The Authentication Manager server knows this token is in New PIN Mode. Since no PIN is required, there will not be a prompt to create a PIN.
3. The user supplies the tokencode displayed on the hardware token or software token app to the Authentication Manager server via the Checkpoint. The user may need to key in four zeroes into the token app and press Play. The software token app is shown here:
4. The server verifies that the tokencode sent is the correct one for what we call the perfect minute. If it is, the authentication is successful. If not, the server will prompt the user to wait until the tokencode rolls to the next one and then enter the new number series.
5. To verify the tokencode, another prompt will be sent to the user, asking them to wait until the tokencode changes on the fob or in the software token app. Once the tokencode changes, key in the tokencode on the fob or shown in the software token app. If the user has the software token app, they can press Copy and then paste the tokencode into the Checkpoint interface.
6. The next time the user launches the Checkpoint VPN interface, they enter just the digits they see on the fob or in the software token application then enter only the tokencode they see into the Checkpoint.
For software tokens where the PIN integrated with tokencode
1. Launch the RSA SecurID Software Token application. The image below is of the desktop token application.
2. In the Enter PIN box enter four zeroes (0000) or don't enter anything (which is the equivalent of entering zeroes) and press the Play button or press Enter. This does a mathematical function of add no carry. A tokencode will display. Since you are using zeroes, the tokencode of 53248133 remains the same.
3. Click the Copy button and paste the contents to the Checkpoint VPN interface.
4. The Authentication Manager server knows this token is in New PIN Mode and will send a prompt to the user to create a PIN.
5. The user creates a PIN (for example, 1234) and supplies it to the Authentication Manager server via the Checkpoint. The PIN is cached in the database.
6. The server verifies that the tokencode sent is the correct one for what we call the perfect minute. If it is, the authentication is successful. If not, the server will prompt the user to wait until the tokencode rolls to the next one and then enter the new number series.
7. To verify the PIN, another prompt will be sent to the user, asking them to wait until the tokencode changes on the fob (in the screen shot here, it changed to 07013313).
8. Now key the PIN into the software token app and press Play or Enter. Note that the interface now says Passcode indicating the PIN is now a part of the tokencode. The token is no longer in New PIN Mode. You can see the add no carry process below, where 0701 remains the same but the 3313 was changed to 4547.
9. Press Copy and then paste the passcode into the Checkpoint interface. The next time the user launches the Checkpoint VPN interface, they enter the PIN into the software token application to generate the passcode then enter only the passcode they see into the Checkpoint.
Note that for software tokens, the PIN cannot begin with a leading zero. So, 012345 would throw an error but 123450 is acceptable. Hardware token PINs can start with a leading zero.
Regards,
Erica
Like • Show 0 Likes0
Actions

Unable to Change PIN code

Outcomes

Related Content

Recommended Content