Password reset with Pone Biometrics' OFFPAD

Christopher Dakin

Introduction

This article will guide you through how to use the OFFPAD authenticator from Pone Biometrics.

The OFFPAD security key is a hardware-based authentication device leveraging fingerprint biometrics to optimize the balance between security and convenience.

You can use the OFFPAD with any Authentication Flow by using the WebAuthn authentication module.

 

Prerequisites

You first need to ensure you have connected your OFFPAD, either via Bluetooth or NFC, and registered your fingerprint.

In the examples below, we have paired our OFFPAD via Bluetooth to a Windows desktop PC.

Instructions for this initial setup can be found in steps 1-3 of the OFFPAD getting started guide.

 

You also need to install the WebAuthn feature on your LogonBox server.

To do this, whilst logged in with your admin account, navigate to Updates, Features & Licensing in the top right menu, then click on the Authentication tab.

 

Click the Download icon to the right of the WebAuthn feature and accept the License agreement that pops up by clicking Accept.

Restart the LogonBox service when prompted by clicking the power icon at bottom right, then Restart.

 

WebAuthn configuration

Navigate to Authentication Flows->Authentication Options->WebAuthn.

You can change the Name if you wish, but the default of LogonBox should be okay to keep.

Set Id to the hostname that your users use to access the service on your LogonBox server.

Click Apply to save the changes.
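
The following is an added example, not part of the original article or LogonBox's own code: a pre-deployment check that a candidate Id value will be accepted by browsers for the URL users actually browse to. It assumes the Id setting is used as the WebAuthn relying party ID; the function name `checkRpId` and all hostnames are constructed for illustration.

```javascript
// Added example, not LogonBox code. Assumes the Id setting is used as the
// WebAuthn relying party ID (rp.id). All hostnames are constructed samples.

function fail(reason) { return { ok: false, reason }; }

// Checks a candidate Id against the URL users type to reach the portal.
// Simplification: the public suffix list is not consulted; a bare TLD is
// only caught by the single-label check.
function checkRpId(rpId, portalUrl) {
  let url;
  try {
    url = new URL(portalUrl);
  } catch {
    return fail('portal URL does not parse');
  }
  const host = url.hostname.toLowerCase();
  const id = String(rpId).trim().toLowerCase();

  // Browsers expose WebAuthn only in secure contexts.
  if (url.protocol !== 'https:' && host !== 'localhost') {
    return fail('portal must be served over HTTPS');
  }
  // The origin's host must be a domain name, not an IP literal.
  if (host.startsWith('[') || /^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    return fail('portal is addressed by IP; WebAuthn needs a DNS hostname');
  }
  // The Id is a bare hostname: no scheme, port or path.
  if (/[:\/\s]/.test(id) || id === '') {
    return fail('Id must be a bare hostname');
  }
  if (id === host) return { ok: true, reason: 'Id equals the portal hostname' };
  if (host.endsWith('.' + id)) {
    return id.includes('.')
      ? { ok: true, reason: 'Id is a parent domain of the portal hostname' }
      : fail('Id is a single label, too broad to be a valid suffix');
  }
  return fail('Id does not match the hostname users browse to');
}

// Constructed inputs: one portal URL, several candidate Id values.
for (const id of ['portal.example.test', 'example.test', 'sso.example.test']) {
  console.log(id, checkRpId(id, 'https://portal.example.test/app'));
}
```

Under the same assumption, credentials are scoped to this value at registration, so changing it later means users must register their OFFPAD again.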

 

Configuring the Authentication Flow

For this example, we will configure the Password Reset authentication flow.

Navigate to Authentication Flows->Schemes and edit the Password Reset flow.

Remove any existing modules other than Username and add in the WebAuthn Authenticator by clicking the + next to the module on the right-hand side.

 

You may now click the Edit icon in the WebAuthn module to see some extra settings.

You can use this to alter any text for prompting users to register or authenticate, but the important settings at this stage are Allow Registration and Skip Authentication.

If you turn on Skip Authentication, a user can opt not to register their OFFPAD at this time. This can be useful whilst you're initially testing or rolling the authenticators out, if not all users have the authenticator device yet.

Allow Registration allows the user to register their device from this authentication flow if it has not been done yet.

Click Apply then Save to save any changes.

 

Important note: It is not recommended to allow registration from the Password Reset flow as the user has not had to present any extra authentication before the registration attempt.

Instead, set up exactly the same authentication module on the User Login Authentication Flow and turn on Allow Registration on that flow.

Here we can see both Password Reset and User Login have been configured.

 

Registering an OFFPAD with LogonBox

At this point, you are ready for your users to start using their OFFPADs.

First, a user will need to register their OFFPAD.

 

To do this, a user will click on My Account from the main portal and enter their username and password.

 

The LogonBox server will detect that the user has not yet registered an OFFPAD and will now prompt the user to click Register.

 

The user is prompted where to save this passkey. Select Security Key and click Next.

 

Click OK on the setup popup.

 

Click OK again to continue the setup.

 

Press the power button on the OFFPAD at the next prompt.

 

Now, authenticate with your fingerprint.

 

 

Your OFFPAD is now registered.

You will now be prompted to authenticate again with a passkey.

Do exactly the same again: select Security Key, power your OFFPAD on, then use your fingerprint.

The user is now logged into their account.

At this point, the user can just log off their account as everything has now been set up.

 

Example password reset using the OFFPAD

To reset a password, the user clicks on Reset Password on the portal.

 

Enter the username and click Next.

 

A sign-in popup appears. Select Security Key and click Next.

 

Click the power button on your OFFPAD to connect it to your system.

 

Authenticate to the OFFPAD with your fingerprint.

 

The user should now see the change password prompt.

Enter a new password, confirm it, and click Change Password.

 

Your password has now been changed. Click Continue to be redirected back to the main portal.