Skip to main content
Skip table of contents

Send out provisioning links from Digital Access using a bounce page

This article is valid for Smart ID 20.11 and later.

Smart ID Digital Access component supports provisioning of profiles for Smart ID Mobile App and OATH either via the administration interface or the self-service. In both cases, the provisioning message can be sent out via SMS, email or directly shown in the browser. 

Unlike an email, an SMS can not contain a QR code for provisioning. Therefore, Digital Access component provides a feature called bounce page that makes it easier for users to provision profiles that are sent out via SMS. 

In this case, instead of a normal provisioning URL, a bounce page URL is sent out. The bounce page URL points to the Distribution Service (through the Access Point) to render the provisioning URL as a QR code. The user can either scan the QR code with another device, or click a link to open the provisioning URL directly on the same device. 

Prerequisites
  • Deployed Digital Access component, see here.

Step-by-step instruction

Enable distribution-service

To give access to the bounce page through the Access Point, enable the Distribution Service web resource:

  1. In Digital Access Admin, go to Manage Resource Access.
  2. Click configured web resource distribution-service.
  3. Click Edit Resource Host...
  4. In the tab General Settings check Enable resource.
  5. In the tab Advanced Settings, select Reserved DNS mapping as Link Translation Type.
  6. Select a Mapped DNS Name for HTTPS.
  7. Click Save.
Enable token distribution
  1. In Digital Access Admin, go to Manage System.
  2. Click Distribution Services.
  3. Select an distribution service in the list of Registered Distribution Services.
  4. Check Enable Token Distribution.
  5. Click Save.
Provide DNS name and port for distribution-service
  1. In Digital Access Admin, go to Manage System.
  2. Click Distribution Services.
  3. Click Manage Global Distribution Service Settings...
  4. Enter DNS name and port that will be used by clients to connect to the Distribution Server.
  5. Click Save.

Enable bounce page for SMS

The bounce page can be enabled for provisioning SMS sent out from administration interface, during self-service provisioning or both. 

To generate the bounce page URL, Digital Access component uses the DNS name and port described in the previous section.

Enable for administration interface
  1. In Digital Access Admin go to Manage System.
  2. Click Authentication Services.
  3. Click Manage Global Authentication Service Settings...
  4. In tab SMS/Screen Messages go to section OATH Authentication or Personal Authentication.
  5. In field OATH Provisioning Message or Provisioning Message (for Personal Mobile) use variable

    1. {0} to send out URL to bounce page

    2. {1} to only send out provisioning URL

Enable for self-service
  1. In Digital Access Admin, go to Manage Accounts and Storage.
  2. Click Self Service.
  3. Click Manage Global Authentication Service Settings...
  4. Open tab Personal Mobile Provisioning or OATH Profile Provisioning.
  5. In field SMS message use variable

    1. {0} to send out URL to bounce page

    2. {1} to only send out provisioning URL

If the distribution-service must not be available through reserved DNS mapping but only for URL mapping, the variable {0} can not be used. In this case the URL to the bounce page needs to be provided manually within the SMS text together with the provisioning URL as a parameter.

A corresponding message text could look like this:

Example: OATH authentication activation link

CODE 
https://{ds-host}/https/distribution-service/message/oathbounce.html#{1}

Related information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close