[CA Mobile OTP Roaming flow in CA Adapter] Can I re-download the AOTP account in another device?
What is Roaming flow of ArcotID OTP?
The Advanced Authentication service offers roaming capabilities to enable end users to download their ArcotID OTP securely and authenticate from any system when the need arises. Roaming users who do not have the ArcotID OTP application or JavaScript Client on their device can set up a different device to retrieve their ArcotID OTP credential from the Advanced Authentication service. The downloaded ArcotID OTP can then be used to authenticate to any protected resource in a browser.
To enable roaming, one or more secondary authentication mechanisms must be configured for the user during enrollment. At runtime, if secondary authentication is successful, the ArcotID OTP credential is downloaded to the end user's device.
If Security Code is used for secondary authentication, during enrollment the end user is prompted to provide additional private information, which is composed of a series of user-defined question and answer pairs. Similarly, if security code is used for secondary authentication, during enrollment the end user is prompted to provide an email address or telephone number to which the security code must be sent. At runtime, an end user who tries to download the ArcotID OTP from a different device is first authenticated using the questions and answers or the security code that they received as an email message, SMS, or voice message.
Where is the AOTP re-download link available in out-of-box CA Adapter (arcotafm)?
In AOTP verification page (where user required to enter OTP) there are links forĀ "Forgot CA Mobile OTP PIN?" or "Download AOTP card on different device". User can reset Pin using the first option(Forgot CA Mobile OTP PIN?), this will recreate the AOTP account at the server end and the new one will be downloaded on the end user device. All existing AOTP accounts will not work any more. Using the second option(Download AOTP card on different device) a user can re-download the existing AOTP account to another device.
<Please see attached file for image>
CA Strong Authentication - CA Mobile OTP (also known as Arcot OTP or AOTP)
Why I don't see "Download AOTP card on different device" link in arcotafm verify OTP page? <Please see attached file for image>
The user can add same AOTP credential on multiple devices like Desktop and Mobile at the same time. This feature is only supported for TOTP (i.e. Roaming flow is only supported by TOTP), this is functionality is not supported for HOTP. Make sure you have below configured in your AOTP profile.
HOTP = Counter based OTP
TOTP = Time based OTP