4.14 ZTrust Authenticator

The ZTrust Authenticator is a secure mobile application designed to offer different single factor as well as two-factor authentication (2FA) options.

1. Introduction

The ZTrust Authenticator is a secure mobile application designed to offer different single factor as well as two-factor authentication (2FA) options, including Time-Based One-Time Passwords (TOTP), QR code scanning, Push notifications, and NFC-based authentication. These features provide additional layers of security for your accounts beyond passwords. These features provide different types of methods for user authentication.

2. System Requirements

• Operating System: Android 10 or later and iOS 13 or later

• Internet Access: Required for account setup, push notifications, and syncing

• Storage: 200 MB minimum

• Permissions:

  • Camera: For QR code scanning

  • NFC: For NFC-based authentication (NFC-enabled device)

  • Internet: For push notification (Allow Notification permission)

3. Installation

• Go to PlayStore:

Fig 4.13.a: ZTrust authenticator on play store

• Go to App Store:

Fig 4.13.b: ZTrust authenticator on app store

• Now install the application and start the initial setup.

Prerequisite: RabbitMQ configuration is mandatory. Please ensure RabbitMQ is properly set up before using the ZTrust Authenticator.

4. Getting started

ZTrust Authenticator allows users to securely add their accounts using the following methods:

• ZTrust SSO Login

• Self-Service Portal

Each method uses a simple QR code scan and secure confirmation process to onboard your device.

4.1. Enforce the user to set up an authenticator while logging in or registering.

Prerequisites

• Initial setup required; enable the required action in ZTrust SSO to trigger device registration and onboarding. Steps as follows:

  • Log in to the ZTrust Admin Console and select the realm where you want to enable Device Registration.

    

    Fig 4.13.c: Welcome demo realm
  • Then, on left side under the configuration section, select Authentication tab in bar.

    

    Fig 4.13.d: Authentication section in sidebar
  • There you will see three tabs, like Flows, Required actions and Policies. Select Required on tab.

    

    Fig 4.13.e: Required actions in authentication section
  • Here, you will see three headings: Action, Enabled, and Set as Default Action

    • Action: Represents the types of required actions available in ZTrust.

    • Enabled: Indicates whether the action is active and ready to use. Once enabled, the admin can assign it to specific users. However, for device registration, it should be enabled for all users at the time of registration.

    • Set as Default Action: When turned on, the selected required action becomes mandatory for the realm. This means that whenever users register, they must complete this action in addition to filling out the registration form.

      

      Fig 4.13.f: Options in required action tab
  • Now, enable the Authenticator Application Setup by turning on both Enabled and Set as Default Action.

    

    Fig 4.13.g: Turn on Authenticator Application setup
  • Now that it is enabled as a default required action, any user who registers through the ZTrust registration page will also be prompted to complete the device registration setup.

  Note: If, for any reason, device registration is not completed but you have already submitted the registration form, you can still log in using your email/username and password. Upon login, you will be prompted again to complete the pending device registration action.

  If you attempt to start the registration process from the beginning, you will receive an error stating that your email already exists.