Advanced Authentication Server supports the following ways to enroll the authentication methods:
Automatic enrollment which is supported for SMS, Email, RADIUS and LDAP Password methods.
The methods will be enrolled automatically if Chains containing them are assigned to any Event.
Enrollment by Administrator is supported for OATH Tokens.
An administrator can import tokens from PSKC or CSV files in Advanced Authentication Administrative Portal - Methods - OATH OTP - OATH Tokens tab. From the same view it's possible to assign tokens to the specific users.
Enrollment by Security Officer
A Helpdesk/Security officer can access the Advanced Authentication Helpdesk Portal by the following address: https://<NetIQ Server>/helpdesk where it's possible to enroll the authentication methods for users. A Helpdesk/Security officer must be a member of Enroll Admins group (Repositories - click Edit on LOCAL - Global Roles tab) to perform management of users' authenticators.
Enrollment by User
A user can access the Advanced Authentication Self-Service Portal by the following address: https://<NetIQ Server>/account where it's possible to enroll any of permitted authentication methods.