PingID Administration Guide

Configuring OATH token authentication

Before you begin

To configure OATH tokens, you must have the following items from each token manufacturer and for each supplied token model:

  • A token seed file. The seed file can be either:

    • A .txt file consisting of lines with a comma separating the token serial numbers and secret keys (without spaces)

    • A .csv file with the token serial numbers and secret keys in different cells (without spaces or commas)

    The secret keys are strings of hexadecimal digits.

  • For each seed file, a single associated token type of either TOTP or HOTP.

  • For TOTP types, a refresh interval of 30 or 60 seconds. The default is 30.

For HOTP types, a start counter can be appended as an additional field in the seed file. If absent, it defaults to zero.
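The following pre-import check for a comma-separated seed file is an added example, not Ping Identity code. The function name `validate_seed_file`, the requirement for an even number of hexadecimal digits, and the non-negative integer counter are assumptions of this example. It can only detect duplicates within the file itself, not tokens already imported into PingID, and its error messages never include the secret key.

```python
import csv
import io
import re

HEX_RE = re.compile(r"[0-9A-Fa-f]+")
DEC_RE = re.compile(r"[0-9]+")

def validate_seed_file(text):
    """Return (records, errors) for seed-file text.

    records: (serial, key_bytes, start_counter) tuples for valid lines.
    errors:  messages with line number and serial only, never the secret.
    """
    records, errors, seen = [], [], {}
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # skip blank lines
        if len(row) not in (2, 3):
            errors.append(f"line {lineno}: expected serial,key[,counter]")
            continue
        if any(re.search(r"\s", field) for field in row):
            errors.append(f"line {lineno}: fields must not contain spaces")
            continue
        serial, key = row[0], row[1]
        # Assumption: the key encodes whole bytes, so an even digit count.
        if not serial or not HEX_RE.fullmatch(key) or len(key) % 2:
            errors.append(f"line {lineno}: serial or hexadecimal key is invalid")
            continue
        counter = 0  # the HOTP start counter defaults to zero when absent
        if len(row) == 3:
            if not DEC_RE.fullmatch(row[2]):
                errors.append(f"line {lineno}: start counter is not an integer")
                continue
            counter = int(row[2])
        if serial in seen:
            errors.append(f"line {lineno}: serial {serial} duplicates line {seen[serial]}")
            continue
        seen[serial] = lineno
        records.append((serial, bytes.fromhex(key), counter))
    return records, errors

# First line is the sample seed from this page; the rest are constructed.
SAMPLE = (
    "2308734700388,6EBD59F71A634C48C4619CB33F6C385C9237C9BA\n"
    "1000000000001,00112233445566778899AABBCCDDEEFF00112233,5\n"
    "1000000000002, 00112233445566778899AABBCCDDEEFF00112233\n"
    "1000000000003,NOTHEX\n"
    "2308734700388,00112233445566778899AABBCCDDEEFF00112233\n"
)

if __name__ == "__main__":
    ok, problems = validate_seed_file(SAMPLE)
    print(f"{len(ok)} valid record(s)")
    print("\n".join(problems))
```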

Steps

  1. In the PingOne admin portal, go to Setup → PingID → Configuration.

  2. Go to the Alternate Authentication Methods section.

    A screen capture of the Alternate Authentication Methods section.
  3. In the Enable column, select the OATH Token check box.

    Result:

    The Manage OATH Tokens modal opens.

    A screen capture of the Manage Oath Tokens window.
  4. Click Save & Manage Tokens.

    Result:

    The OATH Tokens tab opens and shows a list of previously saved tokens.

    If there are no saved tokens, the list will be empty.

    A screen capture of the OATH Tokens tab.
  5. Click Import Tokens.

    Result:

    The Import OATH Tokens modal opens.

    A screen capture of the Import OATH Tokens
  6. Click Choose File.

  7. Navigate to your token seed file and select it.

    Example:

    A user imports a single token from a file called DAF.csv with the following seed.

    2308734700388,6EBD59F71A634C48C4619CB33F6C385C9237C9BA

    Result:

    The Import OATH Tokens modal shows the token information.

    A screen capture of the Import OATH Tokens window with an imported token.
  8. From the Token Type list, select the token type.

    A screen capture of the Token Type list.

    Example:

    A selection of TOTP - 6 Digits enables the Refresh Interval list.

    A screen capture of the Refresh Interval list.

    Result:

    The Import OATH Tokens modal now looks as follows.

    A screen capture of the Import OATH Tokens window.

    The Preview Record section shows information from the first record in the .csv file.

  9. Optional: If applicable, from the Refresh Interval list, select the refresh interval.

  10. Click Import.

    To return to the Import OATH Tokens modal, go to Setup → PingID → OATH Tokens, and then click Import Tokens.

    Result:

    The newly imported tokens appear at the top of the OATH Tokens list.

    A screen capture of the OATH Tokens tab with the newly-created entry.

Troubleshooting

  • If your seed file contains entries that duplicate existing tokens, the Incomplete Token Report error is displayed.

    A screen capture of the Incomplete Token Import message showing a duplicate token.

    Remove the duplicate entries from the seed file and try again.

  • If your seed file is invalid, you will receive the following error message.

    A screen capture of the Invalid File Type error message.