Grid authentication uses cards with a grid as the authentication lookup tool. When a user is asked to authenticate with a grid, the challenge presents coordinates, for example B3, H1. The user looks up the challenge coordinates on their grid card and responds by typing the corresponding values. For example, using the sample grid card shown below, the correct response to the challenge B3, H1 is E 5.
A grid card is similar to the one shown in this example. Every grid card includes a unique serial ID. A user can have multiple grid cards.
Typically, your organization creates grid cards, distributes them to users, and then assigns the grid card serial numbers to users. Users can also self-register their grid cards on the User portal.
Complete the following to configure your Identity as a Service account for grid authentication:
● Ensure that you have the required permissions to complete all of the grid card management tasks (see Grid Card permissions).
● Ensure that grid is set as an authentication option for the Identity as a Service application (see Create and manage resource rules).
● Customize the Grid Card authenticator settings
● Assign grid cards to users
Note: An Identity as a Service account can have a maximum of 5000 unassigned grid cards.
Identity as a Service supports the following grid card states:
● ACTIVE—The grid card has been used at least one time. The last used date of the imported card will be set to the current date.
● INACTIVE—The grid card cannot be used at this time.
● UNASSIGNED—The grid card has not been assigned to a user.
● PENDING—The grid card can be used for authentication. The first time the user successfully authenticates with the grid card, the card state changes to ACTIVE.
● CANCELED—The grid card can no longer be used. Canceled grid cards count toward the maximum number of grid cards a user can have. Canceled grid cards:
– Can be deleted
– Cannot go back to another state
– Cannot be used for authentication
– Cannot be unassigned
● If not specified, the default state is PENDING.
Note: The state column is not case-sensitive. For example, Active, active, and ACTIVE are all recognized.
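The challenge and response flow and the card states described above can be sketched as follows. This is an added example, not Entrust's code: the 10x5 layout, the cell alphabet, the case-insensitive response handling, the placeholder serial, and treating only PENDING and ACTIVE cards as usable are assumptions drawn from the descriptions on this page.

```python
import hmac
import secrets
import string

COLS = "ABCDEFGHIJ"              # assumed layout: 10 columns x 5 rows
ROWS = "12345"
ALPHABET = string.digits + string.ascii_uppercase
USABLE = {"PENDING", "ACTIVE"}   # assumed: the only states that may authenticate

def new_card(serial):
    """Build a card with CSPRNG cell values; the default state is PENDING."""
    cells = {c + r: secrets.choice(ALPHABET) for c in COLS for r in ROWS}
    return {"serial": serial, "state": "PENDING", "cells": cells}

def new_challenge(count=2):
    """Pick distinct random coordinates, e.g. ['B3', 'H1']."""
    coords = [c + r for c in COLS for r in ROWS]
    return secrets.SystemRandom().sample(coords, count)

def verify(card, challenge, response):
    """Check a typed response such as 'E 5' against the challenged cells."""
    state = card["state"].upper()
    if state not in USABLE:
        return False                 # INACTIVE, UNASSIGNED, CANCELED
    expected = "".join(card["cells"][c] for c in challenge)
    typed = "".join(response.split()).upper()
    # Constant-time comparison avoids leaking how many characters matched.
    ok = hmac.compare_digest(expected.encode(), typed.encode())
    if ok and state == "PENDING":
        card["state"] = "ACTIVE"     # first successful authentication
    return ok

def sample_card():
    """Constructed card matching the page's example: B3 -> E, H1 -> 5."""
    card = new_card("SAMPLE-0001")   # placeholder serial, not a real card
    card["cells"].update({"B3": "E", "H1": "5"})
    return card

if __name__ == "__main__":
    card = sample_card()
    print(verify(card, ["B3", "H1"], "E 5"), card["state"])
```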
To migrate Entrust Identity grid cards to Identity as a Service, use the instructions in the Entrust Identity Enterprise to Entrust Identity as a Service Migration Guide available on Entrust Trusted Care. Once logged in to Trusted Care, do the following:
1. Click Products.
2. On the My Products page navigate to Identity Enterprise > Identity to IDaaS Migration Tool.
3. On the Identity Enterprise to Identity as a Service Migration Tool page, click Documents.
4. Click Download next to Migration Guide: Entrust Identity to IDaaS.
The Entrust Identity Migration operation converts the grid card state as follows:
Entrust Identity State | Identity as a Service State |
CURRENT | ACTIVE |
HOLD | INACTIVE |
HOLD PENDING | INACTIVE |
PENDING | PENDING |
CANCELED | CANCELED |
Topics in this section:
● Modify grid card authenticator settings
● Create and assign user grid cards
● Generate unassigned grid cards
● Manage unassigned grid cards
● Search and export grid cards