If device users do not set up Entrust derived credentials when they register their device, they can set them up later. The procedure is different than the procedure at registration.
A device user does the following tasks:
| • | Getting a QR code and Entrust activation password |
| • | Getting Entrust derived credentials on the device |
Getting a QR code and Entrust activation password
The user gets a QR code and Entrust activation password from your Entrust self-service portal. This portal is specific to your set up. Therefore, the following steps are general steps. They do not include wording and navigation specific to your Entrust self-service portal.
Procedure
| 1. | Connect a smart card reader, with a smart card inserted, to a desktop computer. |
| 2. | On the desktop, open a browser and enter the https:// URL for your Entrust self-service portal. |
| 3. | Login to the portal with the smart card certificate. |
| 4. | When prompted, enter the PIN for the smart card. |
| 5. | Select the option to enroll for derived credentials using the PIV-D Entrust app on Android or the PIV-D Manager app on iOS. |
| 6. | Provide a name for the new derived credential identity. |
On iOS devices, [emailprotected] will use this name when displaying the derived credential. On Android devices, the PIV-D Entrust app will display this name.
| 7. | Provide other information, if requested. |
The Entrust self-service portal displays:
| • | an Entrust activation password |
Leave the screen displaying on the desktop while continuing to the next task, which is on the device.
Getting Entrust derived credentials on the device
After using the Entrust self-service portal to get a QR (Quick Response) code and Entrust activation password, a device user uses the PIV-D Entrust app on Android devices and the PIV-D Manager app on iOS devices to get derived credentials on a device.
| • | Getting Entrust derived credentials on an iOS device |
| • | Getting Entrust derived credentials on an Android device |
Getting Entrust derived credentials on an iOS device
Procedure
| 1. | Install the PIV-D Manager app if it is not already installed: |
| b. | Tap the listing for the PIV-D Manager app. |
| d. | On the pop-up, tap Install. |
2. Launch the PIV-D Manager app.
| 2. | If this is the first time you launch an AppConnect app on the device, follow the [emailprotected] instructions to create a secure apps passcode. |
After you create the secure apps passcode, control returns to the PIV-D Manager app.
| 3. | Tap on Entrust IdentityGuard. TODO: Assumed that you need to select Entrust. Check with app |
The app displays a screen that uses the camera to scan the QR code, which is displaying on the desktop computer on the Entrust self-service portal.
| 4. | Tap OK if you are prompted to allow the PIV-D Manager app to access the camera. |
| 5. | Point the camera at the QR code to scan it. |
When the app has scanned the QR code, it prompts you to enter the Entrust activation password.
| 6. | Enter the Entrust activation password, which is displaying on the desktop computer on the Entrust self-service portal. |
| 8. | Wait while the app validates the entry with Entrust. |
When the validation is complete, the app displays a screen for setting the derived credential PIN. This PINis used when the device user authenticates over Bluetooth to a Windows 10 computer with the derived credential.
| 9. | Enter a new derived credential PIN and enter it again to confirm it. |
The app displays that the derived credential has been successfully activated.
| 11. | Tap anywhere on the screen indicating success. |
The app displays the derived credential, which is now available for AppConnect apps to use.
If you re-launch the PIV-D Manager app, a screen displays that activation was successful.
Getting Entrust derived credentials on an Android device
Procedure
| 1. | Launch the PIV-D Entrust app. |
| 2. | If prompted, enter the secure apps passcode. |
| NOTE: | If the app opens to the screen for entering the Entrust activation passcode, close the keyboard and tap the Scan QR code button in the lower right-hand corner. |
| 3. | If prompted, allow the PIV-D Entrust app to take pictures and record video. |
| 4. | Point the camera at the QR code to scan it. |
When the app has scanned the QR code, it prompts you to enter the Entrust activation password.
| 5. | Enter the Entrust activation password, which is displaying on the desktop computer on the Entrust self-service portal. |
| 7. | Wait while the app validates the entry with Entrust. |
When the validation is complete, the app displays a screen for setting the derived credential PIN. This PINis used when the device user authenticates over Bluetooth to a Windows 10 computer with the derived credential.
| 8. | Enter a new derived credential PIN and enter it again to confirm it. |
The PIV-D Entrust app displays the derived credential. The derived credential is now available for AppConnect apps to use.
Related topics
"About the derived credential PIN" in Using Bluetooth for Entrust derived credential authentication on Windows
