
Nexus Hybrid Access Gateway supports provisioning of profiles for Personal Mobile and OATH either via the administration interface or the self-service. In both cases, the provisioning message can be sent out via SMS, email or directly shown in the browser. 

Unlike an email, an SMS cannot contain a QR code for provisioning. Hybrid Access Gateway therefore provides a feature called the bounce page, which makes it easier for users to provision profiles that are sent out via SMS.

In this case, instead of a normal provisioning URL, a bounce page URL is sent out. The bounce page URL points to the Distribution Service (through the Access Point) to render the provisioning URL as a QR code. The user can either scan the QR code with another device, or click a link to open the provisioning URL directly on the same device. 


Prerequisites

  • Deployed Hybrid Access Gateway, see here.

Step-by-step instruction

Enable distribution-service

To give access to the bounce page through the Access Point, enable the Distribution Service web resource:

  1. In the Hybrid Access Gateway administration interface, go to Manage Resource Access.
  2. Click the configured web resource distribution-service.
  3. Click Edit Resource Host...
  4. In the General Settings tab, check Enable resource.
  5. In the Advanced Settings tab, select Reserved DNS mapping as Link Translation Type.
  6. Select a Mapped DNS Name for HTTPS.
  7. Click Save.

Enable token distribution

  1. In the Hybrid Access Gateway administration interface, go to Manage System.
  2. Click Distribution Services.
  3. Select a distribution service in the list of Registered Distribution Services.
  4. Check Enable Token Distribution.
  5. Click Save.

Provide DNS name and port for distribution-service

  1. In the Hybrid Access Gateway administration interface, go to Manage System.
  2. Click Distribution Services.
  3. Click Manage Global Distribution Service Settings...
  4. Enter the DNS name and port that clients will use to connect to the Distribution Server.
  5. Click Save.

Enable bounce page for SMS

The bounce page can be enabled for provisioning SMS sent out from the administration interface, during self-service provisioning, or both.

To generate the bounce page URL, Hybrid Access Gateway uses the DNS name and port described in the previous section.

 Enable for administration interface
  1. In the Hybrid Access Gateway administration interface, go to Manage System.
  2. Click Authentication Services.
  3. Click Manage Global Authentication Service Settings...
  4. In the SMS/Screen Messages tab, go to the section OATH Authentication or Personal Authentication.
  5. In the field OATH Provisioning Message or Provisioning Message (for Personal Mobile), use the variable
    1. {0} to send out the URL to the bounce page
    2. {1} to send out only the provisioning URL

 Enable for self-service
  1. In the Hybrid Access Gateway administration interface, go to Manage Accounts and Storage.
  2. Click Self Service.
  3. Click Manage Global Authentication Service Settings...
  4. Open the tab Personal Mobile Provisioning or OATH Profile Provisioning.
  5. In the field SMS message, use the variable
    1. {0} to send out the URL to the bounce page
    2. {1} to send out only the provisioning URL

If the distribution-service is to be available only through URL mapping and not through reserved DNS mapping, the variable {0} cannot be used. In this case, the URL to the bounce page must be entered manually in the SMS text, with the provisioning URL as a parameter.

A corresponding message text could look like this:

Example: OATH authentication activation link
https://{ds-host}/https/distribution-service/message/oathbounce.html#{1}
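
As an added example (not part of the original article and not Nexus code), the following Python check validates an SMS message text against the rules above before it is entered in the administration interface. The function name, the `reserved_dns_mapping` flag, the HTTPS requirement and the host `access.example.com` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Bounce page path taken from the article's example message (OATH only).
BOUNCE_PATH = "/https/distribution-service/message/oathbounce.html"
URL_RE = re.compile(r"https?://\S+")


def check_sms_template(template, reserved_dns_mapping):
    """Return a list of problems in a provisioning SMS message text.

    reserved_dns_mapping is True when distribution-service uses the Link
    Translation Type "Reserved DNS mapping", False for URL mapping only.
    """
    problems = []
    if "{0}" not in template and "{1}" not in template:
        problems.append("no {0} or {1} variable, so no provisioning link is sent")
    if "{0}" in template and not reserved_dns_mapping:
        problems.append("{0} needs reserved DNS mapping; write the bounce URL manually")
    for url in URL_RE.findall(template):
        parts = urlsplit(url.rstrip(".,)"))  # drop sentence punctuation
        if parts.path != BOUNCE_PATH:
            continue  # not a manually written bounce page URL
        if parts.scheme != "https":
            # Assumption: HTTPS is required, as in the article's example.
            problems.append("bounce page URL must use https")
        if parts.fragment != "{1}":
            problems.append("bounce page URL must end with #{1}")
    return problems


# Constructed sample messages; access.example.com is a placeholder host.
MANUAL = ("OATH activation: https://access.example.com"
          "/https/distribution-service/message/oathbounce.html#{1}")

if __name__ == "__main__":
    for text, reserved in [("Activate: {0}", True), ("Activate: {0}", False),
                           (MANUAL, False), (MANUAL.replace("#{1}", ""), False)]:
        print(reserved, repr(text), "->", check_sms_template(text, reserved) or "ok")
```
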

This article is valid from Hybrid Access Gateway 5.13.1
