ServicePass – Self-Service Security Portal
Manage Your One-Time Password (OTP) + FIDO U2F Security Tokens On One Convenient Web-Based Self-Service Portal
ServicePass offers all the functionality users need to manage their strong authentication tokens. As a result, we eliminate costs associated with 24/7 help desk calls regarding lost or stolen tokens, token activation, temporary one-time passwords and so forth. We pass these savings directly to our clients.
- Eliminate help desk overhead, relieve user frustration and increase productivity
- Ready-to-use web form for easy setup, configuration and customization
- One-click token activation feature
- Supports all soft, hard, virtual OATH OTP and FIDO security tokens
- Push Authentication technologies (SMS challenge response, Email, voice call, Approve-Deny app)
- Easily integrates into your production intranet, extranet, Internet services
ServicePass is available as an out-of-the-box installable image that allows users to incorporate simple stylistic changes, such as CSS style sheets or corporate logos. As an open source solution, it can be completely customized and enhanced for any possible support situation.
ServicePass uses the SurePassID API’s (REST and Windows WCF) allowing for complete integration into existing intranet, extranet and Internet enterprise service desk applications. It serves as the foundation for new self-service applications.
ServicePass Self-Service Portal provides the following capabilities:
- Token Registration
- Token Synchronization
- Lost Token Disablement and Re-Issuance
- Automated Notifications
- Password Reset
- SurePassID API Advanced features
- Integration into 3rd Party applications
SurePassID can be configured to automatically send token registration notifications to users when soft tokens are assigned/re-assigned to them. Soft tokens can be assigned to users via:
- User Import Files
- Active Directory Sync
- Manual Initiation
The notifications that are sent to your users are completely customizable and can provide important token setup and configuration instructions. The notifications can direct the user to the portal or provide simple instructions for directly registering soft tokens without requiring the portal. Notifications can be sent as plain text, HTML email, or SMS message.
ServicePass allows the user to reset their password if SurePassID is configured to use the SurePassID directory. If SurePassID is configured to use Active Directory or LDAP, SurePassID cannot directly reset the user’s password because, in this case, SurePassID does not store any passwords. However, ServicePass can be setup to link to another existing help desk application that can manage/reset the user’s password request or send an email to the system administrator. Thus, providing maximum flexibility for all self-service scenarios.
It is not uncommon for users to generate extra OTPs that do not get used, perhaps because someone is showing off their cool OTP Display Card, or touching the generate OTP button too many times. This can cause the token to get out of sync with the server. To eliminate this issue, ServicePass prompts users to enter two consecutive OTP’s from their hard token to resynchronize their device.
For the highest level of security, users need to register both hard and soft tokens. ServicePass intuitively prompts the user for the appropriate registration flow based on the specific token types that are configured by their system administrator.
Users can register their soft tokens via QR codes displayed to the user, or manually enter token seed data. The SurePassID Mobile Authenticator soft token supports one-click activation that allows the user to click a link that automatically and securely registers the token over-the-air transparently to the user’s mobile device.
Hard token registration requires users to enter two consecutive OTP’s from their hard token.
Lost Token Disablement and Re-Issuance
ServicePass allows users to report a lost hard token or an accidentally deleted soft token. ServicePass will optionally allow the user to add another soft token or request a new soft token where work flow is required.
SurePassID API Advanced Features
The SurePassID API library has many additional functions that are separate from the portal, such as adding users, deleting users, etc. for automated workflow processing support. A full list can be found here.
Get the ServicePass data sheet.