Quickstart
The quickstart section provides a comprehensive guide outlining the steps necessary to Download, Install and configure the Securosys Authorization App on your device. This guide is segregated in two parts User guide and Administrative Guide.
Prerequisites
The HSM infrastructure preparations require an Approver Manager as well as an HSM Administrator.
Before continuing with the Securosys Authorization App on your device, ensure that your HSM infrastructure is prepared beforehand. Depending on your infrastructure make sure to adhere to the following prerequisites.
OnPremises
- Installed and preconfigured Primus HSM with REST API Enabled and TSB Workflow Engine,
- Transaction Security Broker (Rest-API) installed
TSB_ENGINE
license, license information can be obtained by using the REST-API endpoint/v1/licenseInfo
CloudHSM
- HSMaaS: CloudHSM partition,
- TSBaaS: Rest-API access with
TSB_ENGINE
license.
For more granularity please see chapter Prerequisites.
Downloading & Installing Securosys Authorization App
The registration procedure requires an Approver.
To start using the Securosys Authorization App, download and install the latest version on your smartphone. For more granular information and detailed step by step guide, please follow the chapter Installation.
Create Approver
The Approver creation procedure requires an Approver Manager role.
To allow the Approver to use the Securosys Authorization App and authorize tasks, an Approver must first be created. Refer to the REST API curl endpoint below to create an Approver.
Create Approver
POST: /v1/approverManagement/create
- Swagger
- CURL
{
"approverName": "finance-officer@securosys.com",
"algorithm": "RSA",
"keySize": 2048,
"backupPassword": "6se1Qbsi3bJshe",
"validity": 3650
}
Response: Response is a oneTimeCode
to be sent to the approver to fetch the approver-key
{
"oneTimeCode": "410447"
}
curl -X PUT -H "Content-Type: application/json" \
https://tsb-demo.cloudshsm.com/v1/approverManagement/create -d \
'{
"approverName": "finance-officer@securosys.com",
"algorithm": "RSA",
"keySize": 2048,
"backupPassword": "6se1Qbsi3bJshe",
"validity": 3650
}'
Response: Response is a oneTimeCode
to be sent to the approver to fetch the approver-key
{
"oneTimeCode": "410447"
}
In case of using API-KEY's add the following header to the CURL-Command: -H "X-API-KEY: tsb-x-token_07...
"
Next, please provide your Approver with the following credentials:
- Approver Name (from above request)
- Backup Password (from above request)
- One Time Code (from above response)
- API Key (optional)
- TSB URL (the rest-api url)
With these credentials the Approver can now Register on their App. You can verify the onboarding status of the Approver, see chapter Tutorial - Approver Management - Verify Onboarding Status for more information.
For more granularity, please see chapter Tutorial - Approver Management - Create Approver.
Register Approver
The registration procedure requires an Approver.
Register as Approver on the Securosys Authorization App by inserting the required credentials provided by your HSM Administrator (step above).
For more granular information about the registration credentials and detailed step by step guide to the registration process, please follow the chapter Installation.
Create Policy based Key with multi-authorization
The key creation procedure requires an HSM Administrator.
By assigning SKA policies to keys, Approvers are granted the ability to authorize approval tasks.
The following guides will redirect you to the REST-API documentation
- How to create a Key with SKA Policy and onboard the mobile app user's public-key.
- How to create a sign request which has to be approved by the mobile app user.
Using Securosys Authorization App
The features of the Securosys Authorization App require an Approver.
The Securosys Authorization App allows for authorization of operational and key management tasks where the authorization of an Approver is required as part of a Smart Key Attribute key access policy.
For more granular information and detailed step by step guide, please follow the Tutorial chapter. There you will find usecases such as:
- Obtaining the Public Key or Certificate
- Approving or Denying Operation Tasks
- Approving or Denying Key Management Tasks
- New Onboarding
- Configuring Active Biometric Authorization
There are various usecases for the Securosys Authorization App. See Usecases for more use case examples and their documentation.