Entrust Cloud Enterprise Enrollment Guide

Entrust Cloud Enterprise
Enrollment Guide
Entrust Cloud Enterprise Enrollment Guide Document issue: 1.0
Report any errors or omissions
Copyright © 2016 Entrust. All rights reserved. Obtaining technical support

Entrust is a trademark or a registered trademark of Entrust, For support assistance by you can email Customer Support
Inc. in certain countries. All Entrust product names and logos at support@entrust.com or visit our Web site at
are trademarks or registered trademarks of Entrust, Inc. in www.entrust.com.
certain countries. All other company and product names and
logos are trademarks or registered trademarks of their
respective owners in certain countries.
This information is subject to change as Entrust reserves the

right to, without notice, make changes to its products as
progress in engineering or manufacturing methods or
circumstances may warrant.
Export and/or import of cryptographic products may be

restricted by various regulations in various countries. Export
and/or import permits may be required.
2
Enrolling in Entrust Cloud Enterprise
This guide contains the following sections:
• “Enrolling in Entrust Cloud Enterprise” on page 4
• “The verification process” on page 6
• “Logging in to Entrust Cloud” on page 7
What is Entrust Cloud?

Any time that you purchase a certificate from Entrust you are automatically enrolled for
an Entrust Cloud account. If you purchase five or more certificates from Entrust, you
have the option of enrolling for an Entrust Cloud Enterprise account.
Entrust Cloud and Cloud Enterprise accounts allow you to purchase and manage an
inventory of different types of certificates, according to your needs.
3
Enrolling in Entrust Cloud Enterprise Document issue: 1.0
Enrolling in Entrust Cloud Enterprise

Before you can enroll for an Entrust Cloud Enterprise account, you must purchase a
minimum of five certificates.
Note:
You cannot purchase more than 100 certificates online in your initial order. To
purchase more than 100 certificates, contact an Entrust Sales representative.
Purchasing certificates by credit card

To purchase certificates by credit card, you must have a valid Visa®, MasterCard®, or
American Express® credit card.
Purchasing certificates by purchase order

To purchase certificates by purchase order, please contact Entrust Sales at:
• 1-888-690-2424 (toll free within North America)
• 1-613-270-3411 (outside of North America)
• Entrust@Entrust.com
Entrust Sales will provide you with a purchase order code that you can use to purchase
certificates online. The enrollment and purchasing process will automatically enter your
service lifetime, certificate quantities, organizations, and domain name values the in
the online enrollment and purchasing forms.
Note:
If your initial order totals less than $1000.00 you cannot pay by purchase order. Use a
credit card to pay for orders totaling less than $1000.00.
4
To enroll for the SSL Enterprise Service, purchase five or more certificates. To start the
enrollment process, click Buy Now under the Certificate Management Service
Price column.
Continue through the wizard and complete the purchase. Click the ? icon to display
help, if required. If you need detailed information about purchasing certificates,
separate guides are available.
5
The verification process

Entrust or an Entrust representative verifies the following information before creating
your account:
• your organization has the legal right to conduct business under the organization
name you provided in your order
• your organization is the registered owner of the domain name you provided in your
order
• your organization name matches your legally registered name, trade name, or a
majority-owned subsidiary
Note:
Entrust can only issue certificates if your organization name matches the organization
name provided in your certificate signing requests.
• the contacts you provided are employed by your organization

If the information you provided in your application is correct and complete, verification
process typically takes three to five business days. If Entrust encounters any problems
verifying the information your provided, Entrust will contact you immediately.
Contacts
Entrust contacts the people that were listed when you ordered the certificate. For
prompt processing of your request, individuals listed as contacts should be prepared to
respond as needed.
6
Logging in to Entrust Cloud

Entrust Cloud supports user name and password as primary authentication. Users have
a choice of Entrust IdentityGuard grid, eGrid, or soft token as second factor
authentication. Question-and-Answer (Q&A) authentication is available as a method of
accessing the Entrust IdentityGuard Self-Service application, if other authentication
methods are unavailable. Second-factor authentication is mandatory for all users.
Users can log in to Entrust Cloud using the URL https://managed.entrust.net.
Figure 1: Primary authentication—user name and password
Topics in this section include:

• “What are soft tokens?” on page 7
• “What are grids?” on page 9
• “Grid expiry” on page 10
• “Configuring login with second factor authentication” on page 10
What are soft tokens?

Entrust offers a utility for your computer or mobile device that acts like a hardware
token. After it is installed and configured, the utility generates a one-time use number
(security code) that expires after about 30 seconds. The utility can create multiple
identities for authentication to different applications.
If you decide to use soft tokens for Entrust Cloud authentication, the second factor
challenge asks you for the number created by the Entrust IdentityGuard Soft Token
application.
7
Figure 2: Entrust Cloud soft token challenge
You then trigger the soft token utility, enter the security code into the Security Code
field in the log in page and click Submit. The remaining lifetime of the code is indicated
by the Lifetime bar below the code.
Administrators choosing soft token for second factor authentication require the Entrust
IdentityGuard Soft Token utility. The utility is a offered for download at no cost from
Entrust Cloud Web site when you configure your account. Installation and registration
of the soft token utility is simple and only requires a few moments.
Additional information about Entrust IdentityGuard Soft Token application is available
from the utility’s online help.
Figure 3: Application displaying code
8
What are grids?
Entrust IdentityGuard eGrids are graphics that display a grid composed of letters and
numbers as shown in Figure 4.
A physical grid card is a grid printed on a card and mailed to you by Entrust Datacard.
An eGrid is a password-secured PDF graphic of an Entrust IdentityGuard grid that you
can download when you set up your account.
Figure 4: Entrust grid
In either case, when you log in to your account you are asked to enter characters from
randomly selected positions in your grid (see Figure 5).
Figure 5: Grid challenge
Use the use the letter (column) and number (row) combinations to locate the
characters requested in the challenge and enter them in the space below.
Grids in electronic file format (eGrids) are available for download from the Entrust
Cloud site when you configure your Entrust Cloud account.
See “Configuring login with second factor authentication” on page 10 for detailed
information about configuring second factor authentication.
9
Grid expiry
Entrust IdentityGuard grids and eGrids expire 2 years after being issued. Entrust
automatically sends a replacement for a physical grid card 60 days before the existing
grid card’s expiry date. Users who have downloaded an eGrid file can download a
replacement when the existing grid expires.
Configuring login with second factor authentication

First-time users receive an email from Entrust confirming the creation of the requested
account. Entrust Cloud sends a second email with a one time password providing
access to Entrust Cloud. When the new user uses the password to log in to the Web
site, they are required to create and change the password and choose and download
a form of second factor authentication. The following procedure includes detailed
information.
To log in to Entrust Cloud as a new user

1 When you enroll as a new user you receive an email from Entrust containing a user
name and a separate email with the corresponding temporary password. Click the
change password link in the email to open the Entrust Cloud login page in your browser
and log in.
If you are setting up a new account, the license agreement page appears. This page
does not appear if you are adding a user to an existing account. Read through the
license agreement and click Accept to agree and continue. If you Decline this
agreement, you cannot log into Entrust Cloud.
You are redirected to the Entrust IdentityGuard Self-Service Web pages to change your
password and obtain second factor authentication.
The Password Change page appears.
2 In the Password Change page, type the one-time password that was sent to you by
Entrust into the Current Password field. Enter a new password that conforms to the
10
Password Rules into the Password field, and again into the Confirm Password
field.
3 Click Submit.
Note:
Passwords expire after one year. After your password expires, you must create a new
password the next time you log in.
11
4 Select questions from the drop-down list and type your answers into the Answer field
below. These questions and answers can be used later as a means of accessing Entrust
IdentityGuard Self-Service, if a user cannot use their soft token or grid for some reason.
Note:
Select questions and answers that are easy to remember but hard for someone else to
guess.
5 Click Next.
12
6 Entrust Cloud offers soft token or eGrid options for second factor authentication. If you
decide to use soft token you must download the Entrust IdentityGuard Soft Token
application.
Click Yes if you already have the application installed and you want to download and
use a soft token for second factor authentication. If you selected Yes go to Step 7 h.
Click No if you still need to download the application or you want to use the eGrid
option.
7 If you selected No and you want to use a soft token:
• Select the link in the Option 1 pane if you are downloading the soft token
application to your computer.
13
• To send instructions for downloading the soft token application to your mobile
device (cellular phone, for example) select email from the drop-down list.
Note:
Your device must have access to the email account used by Entrust Cloud to contact
you.
– The download site detects the type of device you are using and presents you with
the option of downloading compatible software. If the option is not correct, use
the Not what you’re looking for link to select the correct download.
14
Note:
The following graphics and instructions depict a Windows 7 download and installation.
Your installation may vary.
a Run the installation program or save and double-click the executable to run the
installer.
b Click Next.
15
c Accept the license agreement to continue and click Next.
d Browse to the location where you want the software installed or accept the default
location, and click Next.
16
e Click Next.
f Click Finish to complete the installation.
17
g In the Entrust IdentityGuard Self Service application, select I’ve successfully
downloaded and installed....
h Open the Entrust IdentityGuard Soft Token application (Start > All Programs >
Entrust > IdentityGuard Soft Token in Windows 7 or Start page > Apps by
name > Entrust > IdentityGuard Soft Token in Windows 8.x).
A new installation opens to the interface used to create the identity. In an existing
soft token utility installation, click Add to open this interface.
18
i Copy the highlighted information from the Self Service application page to the soft
token as shown in the following graphic. Click Next in the Web page when you are
finished.
j If you have just installed the utility, set the PIN that you want to use to protect
access to the soft token utility. Re-enter it to confirm the PIN when asked.
The soft token application displays the registration number
19
k Copy the registration number from the soft token utility to the IdentityGuard Self
Service page. Click Next.
l The IdentityGuard Self Service application displays a success message. The soft
token is ready for use.
8 If you selected No and you intend to use an eGrid for authentication:
20
a Select option 2 (I don’t have a mobile device or computer that supports...)
Click Next.
b When asked, confirm your choice.

c eGrids are password protected. Enter and confirm a password that conforms to the
password rules in the Password Rules pane. Each x becomes a check mark if your
password conforms to the rule. Click OK when you have finished
d In the eGrid pane, select Email if you prefer to have a link to the eGrid sent to you.
This may the useful if you intend to use it from a different device. (The device must
have access to the email account used by Entrust Cloud.) Click Download eGrid
21
to download the eGrid to device you are currently using. The default file name is
in the format <user_ID>-egrid.pdf. Click Next when the download is complete.
e You are presented with a list of self-service options.

Use your new password and second factor authenticator the next time you log into
Entrust Cloud.
To change your password or question and answer pairings, click the tools icon in the
upper right side of your Entrust Cloud page and select Manage my account from the
menu to access your Entrust IdentityGuard Self-Service options.
22

Entrust Cloud Enterprise Enrollment Guide

Uploaded by

Copyright:

Available Formats

You might also like

Entrust Cloud Enterprise Enrollment Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Entrust Cloud Enterprise Enrollment Guide

Uploaded by

Copyright:

Available Formats

Entrust Cloud Enterprise

Copyright © 2016 Entrust. All rights reserved. Obtaining technical support

This information is subject to change as Entrust reserves the

Export and/or import of cryptographic products may be

What is Entrust Cloud?

Enrolling in Entrust Cloud Enterprise

Purchasing certificates by credit card

Purchasing certificates by purchase order

The verification process

• the contacts you provided are employed by your organization

Logging in to Entrust Cloud

Figure 1: Primary authentication—user name and password

Topics in this section include:

What are soft tokens?

Figure 3: Application displaying code

Figure 4: Entrust grid

Figure 5: Grid challenge

Configuring login with second factor authentication

To log in to Entrust Cloud as a new user

f Click Finish to complete the installation.

The soft token application displays the registration number

8 If you selected No and you intend to use an eGrid for authentication:

b When asked, confirm your choice.

e You are presented with a list of self-service options.

You might also like