Hardware tokens for Arbor MIS two-factor authentication

Arbor is a cloud-based MIS for Primary, Secondary and Special Schools. The system was originally designed to use TOTP apps, such as Google Authenticator to be used for two-factor authentication. As our programmable tokens can be used as drop-in replacement of such apps, it is possible to use them for securing your Arbor MIS login. The guide below will show how you can enable and use Token2 programmable hardware tokens with Arbor MIS.


Requirements

  • An Arbor account (regular, no admin rights needed)
  • A Token2 programmable token (the guide below shows C301i  as an example)
  • An iPhone device with NFC enabled - this is needed for the enrollment only, subsequent logins will only require the hardware token

The steps below are describing the process using iPhone and C301i token, but please note that the same operation can be done using any of our programmable tokens and supported platforms (i.e. Android or Windows) with minor differences. 

1. Install the provisioning tool

Download and install the supported provisioning app for your device type. Refer to this page to find the correct app for your token and the operating system. For our example, we selected the C301i as the token model and iPhone as the platform.

the app we will be using for our example is TOKEN2 NFC Burner

Check NFC Connectivity

Next, make sure the app can communicate to the token. To do this, launch the NFC Burner app and click on "get token data" button. The app will open the NFC prompt. Then, turn the token on (it should show digits or dashes on the LCD) and touch the top of the device (near the speaker). If the NFC connection is successfully established, you should see the serial number and the system time of the token in the 'Results' textarea.


Once you have the NFC Burner app and the token ready, you can start the provisioning process by logging in to Arbor MIS.

Logging in for the first time

When you log in for the first time, you will need to set up a link between your authentication app and your school’s MIS. Go to the login page of your school’s MIS, fill in your login details and click Log in.

Once you successfully log in, you will be asked to set up a link to your authentication app.

Hardware tokens for  Arbor MIS two-factor authentication

In our case, we will be using our NFC Burner app and not the Authentication App as proposed by the wizard. On the next step, the page will show a QR code that you have to scan using your NFC Burner app on your iPhone.

Hardware tokens for  Arbor MIS two-factor authentication

When  you see the QR code similar to the one above, on your iPhone, launch the TOKEN2 NFC Burner app and click on 'scan QR' button. 

Point your iPhone camera to the QR code shown

Once the QR code is detected by the app, the Seed field should be populated with the hex value of the TOTP profile encoded in the QR image

Hardware tokens for  Arbor MIS two-factor authentication

Then, click on "Burn" button, turn the token on and touch the top of the device when prompted

Hardware tokens for  Arbor MIS two-factor authentication

Make sure the results area shows 'seed successfully applied'

Turn the token off and on again to get the new OTP generated

In the Arbor's window, enter the 6 digit OTP shown on the token to the Verification code field and click Log in

Hardware tokens for  Arbor MIS two-factor authentication


This completes the enrollment. For subsequent logins, you will be using only the hardware token - when a verification code is requested, just type in the code generated by your token and click on 'Verify Access'

Hardware tokens for  Arbor MIS two-factor authentication