Software authenticator activation process

The software authenticator activation process is as follows:


Figure: Software authenticator activation process

Identify the client component, identify the policy, and look up and verify the user account

The activation process performs the same checks as registration to identify the client component, the policy settings, and the user account (see Software authenticator registration process). The only difference is that the user account must already exist.

Verify one-time password (OTP)

The one-time password is verified against the authenticator record.

Activation

The authenticator is set to ACTIVE in the data store. If a grace period was set, it ends. The grace period expires automatically the first time a one-time password (OTP) is used to authenticate, that is, once the OTP has been successfully validated, unless it has been manually set in the relevant policy to expire before that. It also expires after a successful MDL activation, whether by OTP or by signature validation.

Finalization

In the finalization step, the activation is stored in the data store. The audit data is updated to record the completed transactions and their results. A response is sent to the user to confirm the activation or to show an error message if activation failed.

For information specific to the activation process using multi-device licensing and multi-device activation, see Scenario: multi-device activation (MDA).
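
The following sketch models the four steps above in order. It is an added example, not the product's code. The record layout, the `PENDING` state name, and all function names are hypothetical, the policy lookup is omitted, and RFC 4226 HOTP stands in for the OTP algorithm, which this page does not specify.

```python
import hashlib, hmac, struct
from dataclasses import dataclass, field

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, used here as a stand-in OTP algorithm (assumption)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

@dataclass
class Authenticator:          # hypothetical authenticator record
    secret: bytes
    counter: int = 0
    status: str = "PENDING"   # hypothetical pre-activation state name
    grace_period_active: bool = True

@dataclass
class Store:                  # hypothetical in-memory data store
    known_clients: set
    users: dict               # user id -> Authenticator
    audit: list = field(default_factory=list)

def activate(store: Store, client: str, user_id: str, otp: str) -> dict:
    """Run the four steps; every outcome, success or failure, is audited."""
    def finalize(ok: bool, reason: str) -> dict:
        store.audit.append({"user": user_id, "op": "activation",
                            "ok": ok, "reason": reason})
        return {"activated": ok, "message": reason}

    # Step 1: identify the client component and look up the user account.
    if client not in store.known_clients:
        return finalize(False, "unknown client component")
    auth = store.users.get(user_id)
    if auth is None:           # unlike registration, the account must exist
        return finalize(False, "user account not found")
    # Step 2: verify the OTP against the authenticator record.
    expected = hotp(auth.secret, auth.counter)
    if not hmac.compare_digest(expected.encode(), otp.encode()):
        return finalize(False, "OTP verification failed")
    auth.counter += 1          # a validated OTP is never accepted twice
    # Step 3: activation; a validated OTP also ends the grace period.
    auth.status = "ACTIVE"
    auth.grace_period_active = False
    # Step 4: finalization.
    return finalize(True, "activation confirmed")
```

A failed attempt leaves the authenticator state and grace period untouched but still produces an audit entry, which is what lets repeated activation failures be detected afterwards.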