Is it possible for a user to activate CA Mobile OTP (also known as CA AuthID OTP or Arcot OTP) on different devices, such as multiple smartphones, tablets or computers, simultaneously? If possible, the user should be able to generate a valid OTP from any of the devices and authenticate.
CA Strong Authentication 9.x on any supported environment (please refer to the Platform Support Matrix).
Any CA Mobile OTP Client (please refer to the Platform Support Matrix for the different types of supported devices and available libraries/SDK).
Once the user's CA Mobile OTP account is provisioned, the client application that you use (either the out-of-box app available on app stores or one built using the CA Mobile OTP SDK) takes the user's PIN as input and generates passcodes on the user's device. It is possible to download the same CA Mobile OTP Account to multiple devices and generate the OTP from any OTP Client. However, you need to consider the following:
1. In the case of counter-based OTP (HOTP), the client and the server maintain the count separately, and the OTP is generated from this count. If the CA Mobile OTP account is downloaded to multiple devices, the count can increase on one device (say device-A), and the server increases its count correspondingly. The counter on the other device (say device-B) then falls behind, and an OTP generated by device-B will not work once it is beyond the tolerance window. If synchronization is done on device-B, then device-A goes out of sync. So there are issues with HOTP when the Mobile OTP Account is downloaded to multiple devices.
2. In the case of time-based OTP (TOTP), the device time is used for generating the OTP. As long as the times of the different devices are within the tolerance window, OTPs from all of the devices will work simultaneously. CA Strong Authentication uses its database time as the time input. It is recommended to synchronize the database time with a centralized time server periodically and keep the database time correct. The client devices are also expected to keep their time within the tolerance window. On most mobile devices the time is updated automatically from the network provider by default, so it rarely goes out of sync. Please set your time tolerance window (for both Authentication and Synchronization) as per your requirements.
3. While designing the middleware, make sure you provide a flow to download the same CA Mobile OTP Account to multiple devices. When the OTP account is downloaded, the middleware should not create a new Mobile OTP Account each time.
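The counter drift described in item 1 and the clock tolerance described in item 2, as an added example (a generic RFC 4226 / RFC 6238 model, not CA Strong Authentication code). The class names, the look-ahead window of 3, the 30-second step and the sample clock value are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class HotpServer:
    """Counter-based validation with a look-ahead tolerance window (assumed: 3)."""
    def __init__(self, secret: bytes, window: int = 3):
        self.secret, self.window, self.counter = secret, window, 0

    def verify(self, code: str) -> bool:
        # Only counters at or ahead of the server counter are tried (no replay).
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # server moves past the accepted counter
                return True
        return False

class HotpDevice:
    """One device holding a copy of the account; it keeps its own counter."""
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def next_code(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code

def totp_verify(secret: bytes, code: str, server_time: int, step: int = 30, window: int = 1) -> bool:
    """Time-based validation: accept the server's time step +/- `window` steps."""
    now = server_time // step
    return any(hmac.compare_digest(hotp(secret, now + d), code) for d in range(-window, window + 1))

def demo():
    secret = b"12345678901234567890"  # constructed test secret (RFC 4226 test key)
    server, dev_a, dev_b = HotpServer(secret), HotpDevice(secret), HotpDevice(secret)
    a_results = [server.verify(dev_a.next_code()) for _ in range(5)]  # device-A used 5 times
    b_result = server.verify(dev_b.next_code())  # device-B is still at counter 0
    t = 150  # constructed server (database) clock, in seconds
    # Device clocks skewed by 0 s, -20 s, +25 s (inside tolerance) and +120 s (outside).
    totp_results = [totp_verify(secret, hotp(secret, (t + skew) // 30), t) for skew in (0, -20, 25, 120)]
    return a_results, b_result, totp_results

if __name__ == "__main__":
    print(demo())
```

With HOTP, device-B's first code is rejected because the server counter has already moved past the window; with TOTP, every device whose clock is within the tolerance window authenticates, and only the device 120 seconds off fails.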
Please refer to the Platform Support Matrix for the CA Strong Authentication environment, the supported devices for CA Mobile OTP clients, and the available libraries (SDK).