Grid authentication uses cards with a grid as the authentication lookup tool. When a user is asked to authenticate with a grid, the challenge presents coordinates, for example, B3, H1. The user looks up the challenge coordinates on their grid card and responds by typing the corresponding values. For example, using the sample grid card shown below, the correct response to the challenge B3, H1 is E 5.
A grid card is similar to the one shown in this example. Every grid card includes a unique serial ID. A user can have multiple grid cards.

Typically, your organization creates grid cards, distributes them to users, and then assigns the grid card serial numbers to users. Users can also self-register their grid cards on the User portal.
Complete the following to configure your Identity as a Service account for grid authentication:
Ensure that you have the required permissions to complete all of the grid card management tasks (see Grid Card permissions).
Administrators must have a role with the following User Grid Card Management permissions to manage grid cards:
Add-level access to assign grid cards to users
Remove-level access to delete a grid card
View-level access to view the list of grid cards assigned to a user
Edit-level access to enable or disable a grid card
All-level access to view grid card details and print or export grid cards
Ensure that grid is set as an authentication option for the Identity as a Service application (see Create and manage resource rules).
Customize the Grid Card authenticator settings
Assign grid cards to users
Note: An Identity as a Service account can have a maximum of 5000 unassigned grid cards.
Identity as a Service supports the following grid card states:
ACTIVE—The grid card has been used at least one time. The last used date of the imported card will be set to the current date.
INACTIVE—The grid card cannot be used at this time.
UNASSIGNED—The grid card has not been assigned to a user.
PENDING—The grid card can be used for authentication. The first time the user successfully authenticates with the grid card, the card state changes to ACTIVE.
CANCELED—The grid card can no longer be used. Canceled grid cards count toward the maximum number of grid cards a user can have. Canceled grid cards:
Can be deleted
Cannot go back to another state
Cannot be used for authentication
Cannot be unassigned
If not specified, the default state is PENDING.
Note: The state column is not case-sensitive. For example, Active, active, and ACTIVE are all recognized.
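The coordinate lookup described at the top of this page, combined with the card states listed above, as an added Python example (not Entrust's code). The 10x5 layout, the character set, case folding of the typed response, and treating ACTIVE as usable are assumptions.

```python
import hmac
import secrets
import string

COLS, ROWS = "ABCDEFGHIJ", "12345"        # assumed 10x5 card layout
ALPHABET = string.ascii_uppercase + string.digits  # assumed cell values
USABLE = {"PENDING", "ACTIVE"}            # ACTIVE assumed usable; PENDING per the page


def new_card(state=None):
    """Build a card with random cell values; state defaults to PENDING."""
    cells = {c + r: secrets.choice(ALPHABET) for c in COLS for r in ROWS}
    return {"serial": secrets.randbelow(10**8), "cells": cells,
            "state": (state or "PENDING").upper()}  # state is not case-sensitive


def new_challenge(count=2):
    """Choose distinct coordinates with a CSPRNG, e.g. ['B3', 'H1']."""
    coords = [c + r for c in COLS for r in ROWS]
    return secrets.SystemRandom().sample(coords, count)


def authenticate(card, challenge, response):
    """Check a typed response against the card and apply the state rules."""
    if card["state"] not in USABLE:
        return False                      # INACTIVE, UNASSIGNED, CANCELED
    expected = "".join(card["cells"][c] for c in challenge)
    typed = "".join(response.split()).upper()   # "E 5" -> "E5" (assumed folding)
    # Constant-time comparison avoids leaking how many characters matched.
    ok = hmac.compare_digest(expected.encode(), typed.encode())
    if ok and card["state"] == "PENDING":
        card["state"] = "ACTIVE"          # first successful authentication
    return ok


if __name__ == "__main__":
    card = new_card()
    # Constructed cells matching the page's sample challenge and response.
    card["cells"].update({"B3": "E", "H1": "5"})
    print(authenticate(card, ["B3", "H1"], "E 5"), card["state"])
```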
To migrate Entrust Identity grid cards to Identity as a Service, use the instructions in the Entrust Identity Enterprise to Entrust Identity as a Service Migration Guide available on Entrust Trusted Care. Once logged in to Trusted Care, do the following:
Click Products.
On the My Products page, navigate to Identity Enterprise > Identity to IDaaS Migration Tool.
On the Identity Enterprise to Identity as a Service Migration Tool page, click Documents.
Click Download next to Migration Guide: Entrust Identity to IDaaS.
The Entrust Identity Migration operation converts the grid card state as follows:
| Entrust Identity State | Identity as a Service State |
| --- | --- |
| CURRENT | ACTIVE |
| HOLD | INACTIVE |
| HOLD PENDING | INACTIVE |
| PENDING | PENDING |
| CANCELED | CANCELED |
Topics in this section:
Modify grid card authenticator settings
Create and assign user grid cards