What is a device authorization?
When do I need a device authorization?
How do I self authorize (via email)?
How to authorize without an activation email?
Troubleshooting
What is a device authorization?
A device authorization is a cookie that is stored on your web browser e.g Google Chrome, Microsoft Edge etc. which allows you to access the system without the requirement to work on an IP Whitelisted network address.
Note:
- A single device authorization is a device+web browser combo
- A single device may have multiple device authorizations (based on web browser)
- Deleting your web browser cookies will result in the requirement for a new device authorization
- Depending on your companies security policy, a device authorizations may either be user self authorization (via email) or managed centrally by your local system administrators.
When do I need a device authorisation?
FBO One instances are protected using an IP whitelist preventing any system access from outside of a pre-approved internet connection. In the event that a system access is required from from outside of this approved network a device authorization is required.
Use cases for device authorizations may include:
- Whilst working from home or travelling.
- On a mobile device that may frequently change IP location.
- On a network using dynamic IP addresses e.g 5G network.
How to self authorize via an activation email
The following prerequisites are required:
-
The user account must be a private (non-group) users.
-
The user account must have a valid email address defined in the 'Email address' field.
-
The device authorization feature must be enabled (Application setting 'DeviceAuthorizationEnabled').
-
The device authorization by email must be enabled (Application setting 'DeviceAuthorizationByEmailAllowed').
-
In the event that the prerequisites are met, the user will see the following message during an attempt to access FBO One,
-
Select the 'Click here to activate this device via email'
-
Complete the four fields, followed by 'Submit'. Be sure to define a clearly named device description.
-
The users email address will receive a system generated email similar to the below, allowing the user to either:
-
Click on the URL link to access FBO One.
-
Enter the activation code on the following screen presented to the User
-
-
Either of the above steps will redirect the user to the FBO One login page.
How to authorize without an activation email?
In the even that the 'DeviceAuthorizationByEmail' setting is false,
-
The User, on an un-approved device, will be presented with the following page when attempting to log-in on a unkown public network.
- The device user should share their 'activation request number' with their local system administrator.
-
The local system administrator should, via the menu bar, navigate to 'Device Authorizations' page.
-
Using the filter and/or search box locate the relevant "Requested" device record.
-
Select 'edit' for the record
-
Change the status from 'Requested' to 'Approved'.
- Select 'Save'
Troubleshooting:
The most common cause for frequent renewals will be browsing in private/incognito mode.
This mode is specifically designed to delete any browser history and web cookies associated to their browser activity.
More info related to How private browsing works in Chrome can be found here.
Comments
0 comments
Please sign in to leave a comment.