3.30 Enrolling Multiple Methods of a Chain in Sequence

If the administrator creates a chain with multiple methods in it, you must enroll all methods in the chain to perform authentication with Advanced Authentication. You can enroll the methods individually in Your Enrolled Single Methods for sign in or sequentially in Your Enrolled Sequence for sign in. During authentication, you might get a prompt to select the chain available for you. However, Advanced Authentication selects an appropriate chains automatically.

3.30.1 Sample Scenario: Enrolling Card and U2F Methods in the Sequence of a Chain

Sam, an administrator, has performed the following steps to create a chain with multiple methods in it:

  1. Created a chain with the Card and U2F method.

  2. Set All Categories to ON (default) in the Windows Logon event and map the chain to the event.

Tom, an end user, logs in to the Self Service portal and performs the following actions to enroll the chain:

  1. Click the Add icon in Your Enrolled Sequences for sign in on the Authentication Methods page.

  2. Select the chain icon in Available Sequences for Enrollment.

  3. (Optional) Specify the Display Name.

    Connect the card reader.

  4. Click Scan Card.

    A message Waiting for the card is displayed.

  5. Tap a card on the reader.

    A message Enrollment is complete is displayed.

  6. Click Next.

    A message The "Card" authenticator has been saved is displayed.

  7. (Optional) Specify the Display Name.

    Connect the device that complies with the U2F standards.

  8. Click Detect U2F device

    A message Please touch the flashing U2F device now. You may be prompted to allow the site permissions to access your security keys is displayed.

  9. Touch the FIDO U2F button when there is a flash on the device.

    A message Enrollment is complete is displayed.

  10. Click Finish.

    A message The "U2F" authenticator has been saved is displayed.

3.30.2 Testing the Authenticators

After enrollment, Tom performs the following steps to test the chain with Card and U2F methods:

  1. Select the chain with Card and U2F methods in Your Enrolled Sequences for sign in.

  2. Click Test Method.

    A message Test Card Method is displayed.

  3. Tap the enrolled card on the reader.

    If the provided card passes the test, a message Test successful is displayed.

  4. Click Next.

  5. Click Test Method.

    A message Please touch the flashing U2F device now is displayed. You may be prompted to allow the site permissions to access the security keys in U2F device is displayed.

  6. Touch the FIDO U2F button when there is a flash on the device.

    A message Test successful is displayed.

  7. Click Finish.