Employees with the role of Registration Authority (RA) have an important role in facilitating strong authentication for users.
The process by which a physical person is linked to his/her digital identity information and to his/her authentication credential is critical to deter registration fraud. If this process results in a weak link of the person to either the credential or the identity, there can be little or no assurance that the person using that credential to authenticate and access services and information is who he/she claims to be.
The registration process is designed, to a greater or lesser degree depending on the assurance level, to ensure that the registration authority (RA) knows the true identity of the applicant. Specifically, the requirements include measures to link the verified identity of the user to a strong authentication token in possession of the user.
This manual describes which steps an RA should take during the identity registration and proofing process.
Note: an RA can only start activating tokens of other users once his own YubiKey has been activated by the RA-admin of his institution.
1. Look up registered token
- Ask the user for the activation code he was shown on screen during token registration or received by email
- Enter the user's activation code and click 'Search'
- No code found? Check for typing errors and try again.
- Still no code to be found? Check if the user has started and finished his registration properly via the tab 'Tokens'
2. Link token
- Check if the user's mobile phone has a network connection and can receive text messages
- Click 'Send code' to send a one-time SMS code to the registered mobile number
- Send a new code if the user has not received an SMS code within one minute.
- Enter the SMS code the user has received by text message
- Click 'Verify code'
- Error after entering code? Check for typing errors and try again.
- The user will receive a push notification on his smartphone
- The user should enter his tiqr PIN in the tiqr app to confirm login
- Did the user not receive a push notification? Please scan the QR code to login instead.
- Insert the YubiKey of the user in a USB port of your computer/laptop with the button facing upwards.
- Make sure the input field has focus.
- Press the button of the YubiKey and hold for a moment
- A one-time password will appear in the input field (no need to press 'Enter')
- Remove the YubiKey and return the YubiKey to the user.
3. Verify identity
- Ask the user for his identification document
- This can be one of the following documents:
  - Driving license
  - National ID-card
Note: a student card, banking card or public transport card (OV-card) are not valid identification documents!
- Check if the user looks like the picture in the identification document
- Check if the identification document is still valid
- Check if the personal details of the user as shown in your browser match the personal details as shown in the identification document
- Enter the last 6 characters of the document number of the identification document
- Are all details correct? Then check the box 'I have verified the identity of the user' and click 'Verify identity'
- Not all details correct? Or do you question the validity of the identification document? Then cancel the registration and contact your Registration Authority Admin contact.
4. Token activated!
The user has shown his digital and physical identity:
- The user has shown he possesses the registered authentication token
- A link was made between his digital identity and his token
- The token is now ready for use
- The user receives an email confirmation with additional information
Go back 'Home' to start a new activation