Scribd
Upload
93 views

Entrust User Guide v4.2

Uploaded by

manjunatha.amg
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
93 views

Entrust User Guide v4.2

Uploaded by

manjunatha.amg
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 22

Entrust IdentityGuard

User Guide

Registration, Token Creation and


VPN Login

Security Assurance
Entrust IdentityGuard User Guide

TABLE OF CONTENT

DOCUMENT CONTROL INFORMATION ........................................................................................................................3


INTRODUCTION .........................................................................................................................................................4
PREREQUISITES ..........................................................................................................................................................4
REGISTRATION (ONE-TIME ACTION) ...........................................................................................................................5
CREATION OF SOFT TOKEN ON MOBILE DEVICE...........................................................................................................9
CREATION OF SOFT TOKEN ON LAPTOP .................................................................................................................... 12
VPN LOGIN WITH SOFT TOKEN – CTC, CTFS, RETAIL, PART SOURCE, PETROLEUM AND THIRD-PARTIES ....................... 15
VPN LOGIN WITH SOFT TOKEN USING PULSE SECURE ON APPLE MAC – CTC .............................................................. 17
VPN LOGIN WITH SOFT TOKEN USING ANYCONNECT – MARK’S & FGL ....................................................................... 20
WHO TO CALL .......................................................................................................................................................... 22

Document Name: Entrust IdentityGuard User Guide Page: 2 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

DOCUMENT CONTROL INFORMATION

DOCUMENT STATUS

Document Name Entrust IdentityGuard User Guide


Version 4.2
Issue Date 2018-07-09
Owner Security Assurance
Status Published
Confidentiality Property of Canadian Tire

DOCUMENT HISTORY

Version Date Summary of Changes Author Technical Approver(s)


Reviewer
0.1 2017-10-27 Initial draft Natalie DeSantis Andy Maslov
0.2 2017-12-04 Update Kevin D’Innocenzo
0.3 2017-12-05 Update Natalie DeSantis
1.0 2017-12-08 Review and update Andy Maslov
2.0 2017-12-19 Added information on Steve Giftakis,
VPN access using Pulse Andy Maslov
Secure on Apple laptops
3.0 2018-01-26 Added information on Natalie DeSantis,
VPN access using Dexter Maitriborirak,
AnyConnect at Mark’s & Andy Maslov
FGL
4.0 2018-04-30 Updates made for CTFS, Andy Maslov
Retail, Part Source,
Petroleum and third-
parties
4.2 2018-07-09 Updates made for CTC Andy Maslov
West

Document Name: Entrust IdentityGuard User Guide Page: 3 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

INTRODUCTION

The remote access to the Company’s information resources is secured with the technology for Multi-Factor
Authentication (MFA) based on Entrust IdentityGuard product.

Multi-Factor Authentication means that when you log in via VPN, you go through two steps: entering your corporate
user credentials (first factor – “something you know”), and then entering a security code produced by your soft token
(second factor – “something you have”).

The soft token is created and stored in a special application on your mobile device or laptop.

This document shows how to create, register and use a soft token for remote VPN access.

PREREQUISITES

Please ensure that you have one of the following (choosing between these options is the matter of convenience of
either of them for you individually, however mobile option is generally considered as more optimal):

 Mobile application Entrust IdentityGuard Mobile installed on your mobile Blackberry, Android or Apple device
(you will need to install it by yourself from a respective app store),
OR
 Desktop application Entrust IdentityGuard Soft Token. It’s supposed to be installed on all corporate laptops. If
you choose the desktop option and the application is not installed on your corporate laptop, please contact Help
Desk. Third-party users can download and install the desktop application by the link:
https://www.entrust.com/mobile/info/all-downloads.htm.

Document Name: Entrust IdentityGuard User Guide Page: 4 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

REGISTRATION (ONE-TIME ACTION)

To be able to use VPN with a soft token you need to register and obtain the soft token first. To do this you must be
connected to the Canadian Tire network, by being in the office or remotely by VPN using a temporary PIN which can be
requested from Help Desk, and perform the following steps:

Open Internet Explorer browser on your computer


and navigate to the self-service portal at:

https://secure-selfservice.cantire.com/

Select your Domain from the drop-down list, enter


your User Name and Password for the selected
domain and click Log In.

Note:

Domain in this form needs to be selected as:

 CORP – by CTC, Mark’s and FGL users

 CTFS – by Bank users

 RETAIL, PSOURCE or PETRO – by respective


users in Retail, Part Source and Petroleum BUs

 PETROSEC – by SOROC users

 CTCWEST –by CTC West users

Document Name: Entrust IdentityGuard User Guide Page: 5 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

Once logged in, select a Mutual Authentication


Image and enter an arbitrary Mutual
Authentication Phrase of your choosing, then click
OK.

Note:

The picture and phrase you selected here will be


shown to you the next time you log in to the self-
service portal, to assure you of the authenticity of
the site (that it’s not maliciously “spoofed”)

Select a question from each dropdown and enter


your answer.

Please make sure you memorized your questions


and answers. After you moved to the next screen
you wouldn’t be able to immediately return back to
this screen.

Once entered, click Next.

Document Name: Entrust IdentityGuard User Guide Page: 6 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

Fill out answers to three of the questions you


entered in the previous step and click OK.

Note:

This step is to demonstrate how Mutual


Authentication Image, Mutual Authentication
Phrase and questions you selected earlier will be
used for your authentication at self-service portal in
the future.

Select I’d like to request a soft token.

Then select Yes for confirmation.

Document Name: Entrust IdentityGuard User Guide Page: 7 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

Click Yes if you’ve installed the mobile app or if you


have the application installed on your laptop (see
“Prerequisites” section of this guide)

Select option 1 if you are going to use the Entrust


IdentityGuard Mobile application on your mobile
device,

OR

Select option 2 if you are going to use the Entrust


IdentityGuard Soft Token application on your
laptop,

then click Next.

If you chose option 1 in the previous step, go to the section “Creation of Soft Token on Mobile Device” of this guide.

If you chose option 2 in the previous step, go to the section “Creation of Soft Token on Laptop” of this guide.

Document Name: Entrust IdentityGuard User Guide Page: 8 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

CREATION OF SOFT TOKEN ON MOBILE DEVICE

QR Code Activation

Using Entrust IdentityGuard Mobile app on your


mobile device, select the QR code scanner icon at
the bottom, (if you’re prompted to give the app
access to your camera, select Yes).

Using the camera view that opens within the Entrust


IdentityGuard Mobile app, center the QR code
displayed on self-service portal on your computer
screen in the camera view.

With the QR code centered in the app on your


mobile device, and when prompted, enter the
password (string of numbers in red found below the
QR code on the self-portal web page in the browser)

Document Name: Entrust IdentityGuard User Guide Page: 9 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

This will take you to the Activate Identity screen on


your mobile device.

Enter Name of your choosing for this identity, then


click Activate.

Note:

Identity basically represents soft token which will


allow you to get a security code that you will need to
use in VPN login

If you have multiple user accounts in multiple


domains, you may need to create different identities
for different domains. You can only have one identity
(soft token) per domain.

You will see Registration Code appearing in the


mobile app.

Document Name: Entrust IdentityGuard User Guide Page: 10 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

On the self-service portal in your web browser, click


Next, and then enter the Registration Code from the
mobile app from the previous step into the
Registration Code field on the self-service portal,
then click Next.

The token has now been activated. Click OK in the


browser and proceed to the next step. Then click
Done on the page.

Get back to the mobile app and click OK there and


confirm that you’ve used the Registration Code for
token creation.

After you completed registration on self-service portal and creation of identity (soft token) in the app on your mobile
device you can now start using your soft token for logging in to VPN – see section “VPN Login with Soft Token – CTC”
in this guide.

Document Name: Entrust IdentityGuard User Guide Page: 11 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

CREATION OF SOFT TOKEN ON LAPTOP

At the current step of the registration process, after


you decided to use the application for soft tokens
installed on your laptop, you will see the web page
on the self-service portal with the information as
shown on the screenshot

Open the application in the Windows Start Menu


following the menu path (on corporate laptops):

All Programs> CTCAPPS > Entrust > IdentityGuard


Soft Token

Note:

The path to the application may change. If you


can’t find it in the menu, type the name of the
application in the search field at the bottom of
the Windows Start Menu

Document Name: Entrust IdentityGuard User Guide Page: 12 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

In the application enter the following information:

 Leave Address field empty


 Choose a Name for the identity (soft token)
 Copy Serial Number and Activation Code values
from self-service portal web page into
respective fields in the application

Click Save button in the application when complete.

Click Next button on the self-service portal web


page and then enter Registration Code from the
application to the same field on the self-service web
page. Click Next again on the self-service web page.

Document Name: Entrust IdentityGuard User Guide Page: 13 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

The token has now been activated. Click OK in the


browser and proceed to the next step. Then click
Done on the page.

Get back to the application and click Done there and


confirm that you’ve used the Registration Code for
token creation.

After you completed registration on self-service portal and creation of identity (soft token) in the application on your
laptop you can now start using your soft token for logging in to VPN – see section “VPN Login with Soft Token – CTC”
in this guide.

Document Name: Entrust IdentityGuard User Guide Page: 14 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

VPN LOGIN WITH SOFT TOKEN – CTC, CTFS, RETAIL, PART SOURCE, PETROLEUM AND THIRD-PARTIES

VPN WEB LINK


For login to VPN you need to use the web link that is normally used in your line of business or team. For example, for the
majority of CTC and Part Source users the VPN link will be: https://access.cantire.com, for CTFS users:
https://access.ctfs.com, for Retail users: http://access.cantire.com/stores, for Petroleum users:
https://access.cantire.com/petro, for CTC West users: https://access.cantire.com/ctcwest and for CTC and Retail third-
parties: https://access.cantire.com/partners.

VPN TOOL
The VPN web link needs to be entered in the tool normally used for VPN access in your line of business or team. It can be
the web browser (usually Internet Explorer or Chrome) or Network Connect.

Log into VPN using your usual VPN tool (browser or


Network Connect) and web link, and select the
Realm with “-2FA” used by your line of business or
VPN web link
team.

Enter your Username and Password, then click Sign


In.

VPN realm

VPN login using Internet Explorer

Document Name: Entrust IdentityGuard User Guide Page: 15 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

VPN web link

VPN realm

VPN login using Network Connect

The next screen in your web browser will request


Response code.

Open the application Entrust IdentityGuard Mobile


on your mobile device or application IdentityGuard
Soft Token on your laptop. It will show you Security
Code for the identity (soft token) you created
earlier.

Enter or copy Security Code from the application


into Response field in the browser and click Sign In
button in the browser.

If your user credentials and Response are correct you will be able to proceed further with getting VPN access
established.

Document Name: Entrust IdentityGuard User Guide Page: 16 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

VPN LOGIN WITH SOFT TOKEN USING PULSE SECURE ON APPLE MAC – CTC

Open Pulse Secure utility on your Mac

Click on the + sign to create a new VPN connection


profile

Note:

This is one-time action. You will be able to use the


new profile for your VPN access going forward

In the Name field, type the name you prefer for the
new VPN connection (it is just a label)

The Server URL must be access.cantire.com as can


be seen on the screenshot

Click Add to bring you back to the Connections


screen

Document Name: Entrust IdentityGuard User Guide Page: 17 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

Click Connect on the Connections screen for the


new VPN profile you created

Choose the realm CORP-MAC-2FA, and click


Connect

Enter your Username and Password that you use


for CORP domain, and click Connect

Document Name: Entrust IdentityGuard User Guide Page: 18 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

Open Entrust IdentityGuard application on your


mobile device or laptop and enter the Security
Code, generated by the application for the soft
token you registered earlier, in the field Please
enter response on the next screen on your Mac
shown on the screenshot, then click Connect

You will now be connected to the corporate VPN

Document Name: Entrust IdentityGuard User Guide Page: 19 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

VPN LOGIN WITH SOFT TOKEN USING ANYCONNECT – MARK’S & FGL

Start Cisco AnyConnect Secure Mobility Client and


connect to remote.fglsports.com:65000

Select your VPN Group from the dropdown menu,


with “-2FA” in its name. For example, if you
normally use the group “FGL-IT-General-Access”,
select “FGL-IT-General-Access-2FA” instead

Enter your CORP account credentials: your


username in the Username field and your password
in the Password field

Leave Second Password field empty

Click OK

Document Name: Entrust IdentityGuard User Guide Page: 20 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

When next window asking for Answer appears,


open the application Entrust IdentityGuard Mobile
on your mobile device or application IdentityGuard
Soft Token on your laptop. It will show you Security
Code for the identity (soft token) you created earlier

Enter or copy Security Code from the application


into Answer field in Cisco AnyConnect window as
shown here on the right, and click Continue button
in the window

When next window appears, click Accept

You will now be connected to the corporate VPN

Document Name: Entrust IdentityGuard User Guide Page: 21 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09
Entrust IdentityGuard User Guide

WHO TO CALL

Should you need any assistance during this process, please call one of the following:

Business Unit Support Team E-Mail Address Phone Number


CTC Enterprise Service Desk [email protected] 1-888-373-8888 x 8333
CTFS/CTB Enterprise Service Desk [email protected] 1-800-464-9166 x 33000
Mark’s Technology Support Center [email protected] 1-888-670-6674
FGL Technology Support Center [email protected] 1-866-217-1105
CTR Retail Retail Systems Service Desk [email protected] 1-866-899-3025

Document Name: Entrust IdentityGuard User Guide Page: 22 of 22


Document Date: 2018-07-09 Review Date: 2018-07-09

You might also like