Emergency access is an application that lets a user change the PIN of the vSEC card, reset the password to the application, unblock a blocked user account, or receive the emergency access OTP for emergency situations in which the user has lost their credentials. During the process, the user's identity is verified using verification flows, which may include sending a one-time password (OTP) to a mobile phone or email address and entering answers to randomly selected verification questions. If the user's identity is confirmed based on the flow evaluation, the operations that can be performed are displayed.


The following instructions describe the identity verification process using a flow that combines sending a one-time password to a mobile phone with entering an OTP from a mobile application.


Emergency access authentication process

1

Insert username and press the button NEXT.

  • Note: the language of the application can be changed by [ ] button from the profile menu [ ]

2

Choose an identity verification method and press NEXT button.


The available methods and their names are defined by the administrators of each tenant; however, there are 3 basic types of authentication that can be combined:

  • sms authentication - sending One-Time-Password (OTP) to mobile phone
  • email authentication - sending the OTP to an email address
  • verification via verification questions and answers
  • OTP - using the one time password generated in the TOTP types of tokens in mobile application (or TOTP device)


Notes:

  • For the OTP method, the validation also checks token synchronization. If a discrepancy is detected (even though the OTP is still evaluated as valid), the user will be prompted to enter two consecutive new OTPs to synchronize the token.
  • In case of only one configured authentication method, this selection step will be skipped
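The token synchronization check described in the note above can be pictured with standard TOTP (RFC 6238). The following is an added example, not the product's own code: the function names, the ±2-step acceptance window and the ±20-step resynchronization search range are assumptions, and the secret and timestamps are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value; TOTP uses counter = unix_time // STEP."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def validate(secret, otp, now, offset=0, window=2):
    """Return (valid, needs_resync); offset is the stored drift in steps."""
    base = now // STEP + offset
    for delta in sorted(range(-window, window + 1), key=abs):
        if hmac.compare_digest(hotp(secret, base + delta), otp):
            # Valid, but a non-zero delta means the token clock has drifted.
            return True, delta != 0
    return False, False

def resync(secret, otp1, otp2, now, search=20):
    """Find the drift from two consecutive OTPs; None if they do not match."""
    base = now // STEP
    for delta in sorted(range(-search, search + 1), key=abs):
        if (hmac.compare_digest(hotp(secret, base + delta), otp1)
                and hmac.compare_digest(hotp(secret, base + delta + 1), otp2)):
            return delta + 1  # drift of the newest code relative to the server
    return None

if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample secret
    now = 1_700_000_000                   # constructed server time
    token_step = (now + 60) // STEP       # token clock runs 60 s ahead
    print(validate(secret, hotp(secret, token_step), now))
    # The user enters the next two codes; the second appears 30 s later.
    drift = resync(secret, hotp(secret, token_step),
                   hotp(secret, token_step + 1), now + 30)
    print("stored drift in steps:", drift)
```

Requiring two consecutive codes lets the server search a much wider range than the normal acceptance window, because a chance match on both codes is far less likely than on one.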

3

The application will offer a selection of all mobile numbers that have been entered during the enrollment process or that the user has entered in the Selfservice application as contact.

4

Choose one of the numbers, fill in the full phone number matching the selected number, and press the SEND button. The entered phone number is validated, and if it is correct, the OTP is sent.


If a text message with a one-time password does not arrive on your mobile phone within one minute, the app will offer you the option to send it again.

5

Fill in the OTP code that was sent to the selected phone number and press the NEXT button.

If the entered OTP is correct, the next flow step will be displayed to verify the user's identity via an OTP from the mobile application.

6

Verification using OTP works by having the user fill in the OTP shown in the authenticator application on their mobile phone.

7

Fill in the OTP and press the NEXT button.

8

If all entered answers are correct, the identity verification process is finished and the user can choose any of the displayed actions.


Available actions:

  • RESET PASSWORD - the user can change their domain password to log into the application
  • UNLOCK ACCOUNT - the user can unblock their blocked domain account (in case the account is locked)
  • VSEC UNBLOCK - the user can unblock and change the PIN of their vSEC card
  • EMERGENCY ACCESS - the user can get the emergency code for the login to the Selfservice and necessary operations with token recovery
  • LOGIN TO SELFSERVICE - the user will be redirected to the Selfservice application


Reset password:

  1. fill in new password
  2. fill in new password again for confirmation
  3. press CONFIRM button


vSEC card PIN unblock:

  1. fill in card serial number
  2. fill in the challenge number provided by the vSEC:CMS application - the application will display a checksum so that you can verify that the challenge number was entered correctly (the control checksum is provided by the vSEC:CMS application as well)
  3. press the button CONFIRM
  4. application will return the cryptogram number (and checksum)
  5. enter the cryptogram into the vSEC:CMS application and check the checksum number
  6. follow instruction for the PIN change in the vSEC:CMS application


Note: if the Credentials reset process is triggered by a QR code generated from the vSEC:CMS application and the URL carries information about the card serial number and challenge number, this screen is skipped and the cryptogram is displayed directly.


Emergency access:

The application generates an emergency access code that can be used as a standard OTP code for login or in the approval process. The validity of the code is limited by usage count or by a specific date.


  • Note: The emergency code can be used to log in as a replacement for a standard OTP or as part of the approval process. Its validity is defined based on a template, BUT this code is deactivated when any of the following operations are performed:
    • when the OTP address in the token changes (virtual, sms, email)
    • the new token is enrolled
    • the token is activated