Manage machine authenticators

The process of authentication attempts to establish trust by authorizing a trusted source, such as a user. In the case of machine authentication, the trusted source is a client, such as your desktop computer. For example, when you use a Web browser on your desktop computer to authenticate, it generates a machine secret. When you authenticate, machine authentication submits the current machine secret to Identity as a Service and compares it to a previously stored machine secret. If the machine secret from your Web browser matches the machine secret stored in IDaaS, the authentication risk is lower. If it does not match, the risk is higher.

Depending on how your administrator has defined the resource rule that protects the application you are trying to access, a matching machine secret (lower risk) might require lower authentication (for example, first-factor without second-factor) to access the application. If the machine secret does not match, a higher level of authentication is likely required (for example, both first-factor and second-factor).

You can create machine secret by either activating a machine authenticator when you log in to IDaaS or assign one in IDaaS. When you assign a machine authenticator in IDaaS, IDaaS creates the machine secret the first time you log in to the protected application.

Activate a machine authenticator during login

You can create a machine secret when you log in to IDaaS. The next time you log in using the same browser on the same device, IDaaS will compare the machine secret to the one stored in its repository.

Activate a machine authenticator during login

1. Log out of Identity as a Service if you are already logged in. The IDaaS login page appears.

2. Enter your User ID and then click Next. An authentication challenge appears.

3. Select Remember Me. The Machine Label field appears.

4. Enter a Machine Label that describes the machine authenticator. For example, My Desktop Chrome Web Browser. The label must be between 1-30 characters.

5. Respond to the second-factor authentication challenge (for example, one-time password challenge).

6. Click Login to log in to Entrust Identity as a Service. The machine authenticator is assigned and activated to the Web browser you used to login.

7. Go to > My Profile. The My Profile page appears.

8. Click the Authenticators tab. Your new machine authenticator appears in authenticator list.

Assign a machine authenticator from your My Profile page

You can assign a Machine Authenticator from the My Profile page. When you add it and then log in to your application, IDaaS create a machine secret for the browser and device you used to log in. The next time you log in using the same browser and device, IDaaS compares it to the one stored in its repository.

Activate a machine authenticator from your My Profile

1. Log in to Identity as a Service.

2. Go to > My Profile. The My Profile page appears.

3. Click the Authenticators tab.

4. Click . A drop-down list of authenticators appears.

5. Select Machine Authenticator. The Add Machine dialog box appears.

6. Enter Machine Label that describes the machine authenticator. For example, My Desktop Chrome Web Browser. The label must be between 1-30 characters.

7. Click Remember Me. The machine authenticator appears in your Authenticators list.

Using machine authenticators

Activate a machine authenticator during login

Assign a machine authenticator from your My Profile page