We have some users that want to use software tokens, and would prefer to use QR-Codes to distributed them. We are not currently deploying the self service console, our existing users all use hardware tokens, and cannot seem to find a decent "howto" guide in any of the documentation on how the deployment procedure works. Is there a simple document within RSA that details this. For example. If the user has to log into the self service console, to retrieve the QR-Code, how do they authenticate, assuming they are a new user?
basically without a Web Tier, a CTKIP URL shows the internal port 7004. This is configured in your Software Token Profile. Some devices, like a Windows PC, are not capable of converting this URL to a QR Code, so that option is not in the Software Token Profile.
When you distribute a soft Token as Dynamic Seed Provisioned (CT-KIP) you get a URL like the one above, plus an activation code, which you can email and/or phone call to the customer (email the URL and have them call for the code is probably safest.) If you email both the code and the URL, someone could intercept it, but it can only be used once, so that is safety through fail-safe, if it does not import into the intended User’s device, you get them a new one which invalidates the first one.
With QR Codes, that is a subset of CTKIP which only works on specific smart phones. The difference is user must logon to the Self Service Console to get their QR Code. When you distribute a soft token with QR Code, it looks like this.
You do not see a QR code or CTKIP URL, until user logs into Self Service Console, typically with a Password, and clicks the activate link. Be sure to enable Password logon to Self Service console in the Security Console - Setup - SS Settings
RSA_Password means Internal database user with assigned password, while LDAP_Password comes from an external LDAP Identity Source like Active Directory. the / means OR, be careful with + it means AND which is two types of Authentication.
When your users logs into the Self Service Console, SSC, they can activate their Token by scanning the QR code.
Good luck