5.3.8 Generate and Send an Enrollment Link to Users

To generate an enrollment link, encode the server URL, tenant name, and category name in Base64 using any online tool. Send the generated link to the users by email; it opens the Desktop OTP tool, where users create an account and enroll the TOTP authenticator in the Self-Service portal.

To generate the enrollment link in the Base64 format, perform the following steps:

  1. Put the details to encode, that is the server URL, tenant name, and category name, in the following JSON format:

    {"server_url":"<domain-name>","tenant_name":"<tenant-name>","category_name": "HOME"}

    For example, {"server_url": "aafserver.company.com", "tenant_name":"netiq", "category_name": "HOME"}

    If you have added categories in the Event Categories policy, specify the preferred category name for the category_name parameter. If you have not added any category, remove the category_name parameter.

    Specify TOP for the tenant_name parameter if Multitenancy mode is disabled.

    If you still have problems with the enrollment link, validate its JSON syntax as described in Validating JSON Syntax in SLAnalyzer.

  2. Encode the whole value, including the braces {}, to Base64 (charset: UTF-8).

    For example, the encoded value of the JSON above is:

    eyJzZXJ2ZXJfdXJsIjogImFhZnNlcnZlci5jb21wYW55LmNvbSIsICJ0ZW5hbnRfbmFtZSI6Im5ldGlxIiwgImNhdGVnb3J5X25hbWUiOiAiSE9NRSJ9

  3. Copy the encoded link for further use.

To send an enrollment link through email, perform the following steps:

  1. Compose an email with the subject and body.

    For example, specify TOTP Enrollment Link as the Subject and the following text as the body:

    Hi Users, Click here to enroll for the TOTP authenticator using the Desktop OTP tool.

  2. Right-click the preferred text and select Hyperlink.

  3. In Address, specify the encoded link prefixed with aaf-otp:.

    For example, aaf-otp:eyJzZXJ2ZXJfdXJsIjogImFhZnNlcnZlci5jb21wYW55LmNvbSIsICJ0ZW5hbnRfbmFtZSI6Im5ldGlxIiwgImNhdGVnb3J5X25hbWUiOiAiSE9NRSJ9

  4. Specify the email addresses of the preferred users in To, then click Send.

    Users can click the hyperlink to open the Desktop OTP tool automatically.
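The link generation steps above (JSON payload, Base64 over UTF-8, the aaf-otp: prefix), as an added example script that is not part of the product or this manual. It also decodes a finished link so an administrator can confirm the server URL and tenant before mailing it out; Base64 is an encoding, not encryption, so the link carries no secret and can be inspected freely. The function names and the optional expected_server check are this example's own assumptions.

```python
import base64
import json

LINK_PREFIX = "aaf-otp:"          # scheme prefix used in the email hyperlink step
REQUIRED_KEYS = ("server_url", "tenant_name")


def build_payload(server_url, tenant_name="TOP", category_name=None):
    """Assemble the step-1 JSON text.

    tenant_name defaults to TOP, the value used when Multitenancy is disabled;
    category_name is left out entirely when no Event Category has been added.
    """
    payload = {"server_url": server_url, "tenant_name": tenant_name}
    if category_name:
        payload["category_name"] = category_name
    return json.dumps(payload)


def encode_enrollment_link(json_text):
    """Step 2: Base64 over the UTF-8 bytes of the JSON text, braces included.

    json.loads runs first so invalid JSON (for example the curly quotes a word
    processor substitutes for ") is rejected before anything is encoded.
    """
    parsed = json.loads(json_text)               # raises ValueError on bad JSON
    for key in REQUIRED_KEYS:
        if key not in parsed:
            raise ValueError("missing key: " + key)
    return base64.b64encode(json_text.encode("utf-8")).decode("ascii")


def decode_enrollment_link(link, expected_server=None):
    """Reverse the encoding so a link can be checked before it is sent.

    Returns the payload dict; when expected_server is given, a link that points
    at any other server (typo, wrong environment) is rejected.
    """
    if link.startswith(LINK_PREFIX):
        link = link[len(LINK_PREFIX):]
    raw = base64.b64decode(link, validate=True)  # rejects non-Base64 characters
    payload = json.loads(raw.decode("utf-8"))
    if expected_server is not None and payload.get("server_url") != expected_server:
        raise ValueError("link points at %r, expected %r"
                         % (payload.get("server_url"), expected_server))
    return payload


if __name__ == "__main__":
    # Constructed sample with the same shape as the manual's example.
    text = build_payload("aafserver.company.com", "netiq", "HOME")
    link = LINK_PREFIX + encode_enrollment_link(text)
    print(link)
    print(decode_enrollment_link(link, expected_server="aafserver.company.com"))
```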