Configure a QR Code authentication mechanism

The QR Code authentication mechanism is an authentication capability that permits a registered device to scan a QR Code to authenticate the user. It provides a completely alternative-to-password method of authenticating a user.

The mechanism requires users to scan a generated QR code to successfully authenticate using a previous registered application such as IBM Verify or an equivalent built on the IBM Verify SDK. The QR Code authentication mechanism operates in one of the following modes:

Steps

  1. Log in to the local management interface.

  2. Click AAC.

  3. Under Policy, click Authentication.

  4. Click Mechanisms.

  5. Click QR Code.

  6. Click Modify.

  7. Click the Properties tab.

    1. Select a property to configure.

    2. Click Modify.

    3. Enter the value for that property.

    4. Click OK.

  8. Take note of the properties for the mechanism.

      Timeout
      This is the period in seconds the QR code remains valid.

      Enable Browser Testing
      This is a flag that can be set such that if a registered device is not available to scan the QR Code, the user can simulate the back channel flow with another (authenticated) browser. This is only relevant when the mechanism is configured in Response mode and should only be used for testing the mechanism.

      1. Login to IBM Security Verify Access using a protected page. For example, <https://<reverseproxy>>.

      2. Navigate to the "backchannel" URL with a browser, where we are able to enter the login session index (LSI) to authenticate. The LSI is shown on the QR code login page in clear text for this reason: <https://<reverseproxy>/mga/sps/authsvc?PolicyId=urn:ibm:security:authentication:asf:qrcode_response>

  9. Click Save.

Parent topic: Authentication