Advanced Authentication server supports the following ways to enroll the authentication methods:
Automatic enrollment: This type of enrollment is used for the SMS, Email, RADIUS, LDAP Password, and Swisscom Mobile ID methods.
The methods are enrolled automatically if the chains containing them are assigned to any event.
Enrollment by Administrator: This type of enrollment is used for the OATH Tokens.
An administrator can import tokens from the PSKC or CSV files in the Administration portal > Methods > OATH OTP > OATH Tokens tab. You can assign tokens to the specific users.
Enrollment by Helpdesk administrator: This type of enrollment is used by the Helpdesk administrator.
A Helpdesk administrator can access the Helpdesk portal with the address: https://<NetIQ Server>/helpdesk. In the Helpdesk portal, the Helpdesk administrator can enroll the authentication methods for users. A Helpdesk administrator must be a member of the Enroll Admins group (Repositories > Local > Edit > Global Roles) to manage users' authenticators.
Enrollment by User: This method is applicable for the users. A user can access the Self-Service portal with the address: https://<NetIQ Server>/account, where the users can enroll any of the authentication methods.