Get Started with the Authorization App
This quickstart provides an overview of how to set up, configure, and use the Securosys Authorization App. For full details, see the installation guide. For the various roles that are used, see the roles overview.
Prerequisites
The Securosys Authorization App works with the Transaction Security Broker (TSB) and a Securosys HSM (either an on-premise Primus HSM or a CloudHSM). Both need to be configured before you can get started with the Authorization App.
For more details, see the prerequisites.
Install App
This step is performed by the approver.
To start using the Securosys Authorization App, download and install it on your smartphone.
Create Approver
This step is performed by the approver manager.
An Approver must first be created before the approver can use the Securosys Authorization App and authorize tasks.
Refer to the REST API curl endpoint below to create an Approver.
Example Create Approver
POST: /v1/approverManagement/create
- Swagger
- CURL
{
"approverName": "finance-officer@securosys.com",
"algorithm": "RSA",
"keySize": 2048,
"backupPassword": "6se1Qbsi3bJshe",
"validity": 3650
}
Response: Response is a oneTimeCode to be sent to the approver to fetch the approver-key
{
"oneTimeCode": "410447"
}
curl -X PUT -H "Content-Type: application/json" \
https://tsb-demo.cloudshsm.com/v1/approverManagement/create -d \
'{
"approverName": "finance-officer@securosys.com",
"algorithm": "RSA",
"keySize": 2048,
"backupPassword": "6se1Qbsi3bJshe",
"validity": 3650
}'
Response: Response is a oneTimeCode to be sent to the approver to fetch the approver-key
{
"oneTimeCode": "410447"
}
In case of using API-KEY's add the following header to the CURL-Command: -H "X-API-KEY: tsb-x-token_07..."
Next, please provide the following information to the user with the role Approver:
- Approver Name (from above request)
- Backup Password (from above request)
- One Time Code (from above response)
- API Key (optional)
- TSB URL (the rest-api url)
With these information the Approver can now Register their App.
To verify the onboarding status of the Approver, see this tutorial.
For more granularity, please see chapter Tutorial - Approver Management - Create Approver.
Register Approver
This step is performed by the approver.
Register as Approver on the Securosys Authorization App by inserting the required credentials provided by your Approver Manager from the previous chapter Create Approver.
For more granular information about the registration credentials and detailed step by step guide to the registration process, please follow the chapter Installation.
Create Policy Based Key with Multi-Authorization
This step is performed by the approver manager.
By assigning SKA policies to keys, Approvers are granted the ability to authorize approval tasks.
For more detailed information about SKA keys please see:
- How to create a policy-based Key and set up the onboarded Approvers'
certificate. - How to create a sign request which has to be approved with the Securosys Authorization App.
Using the App
The Securosys Authorization App allows for authorization of operational and key management tasks where the authorization of an Approver is required as part of a Smart Key Attribute key access policy.
For more granular information and detailed step by step guide, please follow the Tutorial chapter. There you will find usecases such as:
- Obtaining the Public Key or Certificate
- Approving or Cancling Operation Tasks
- Approving or Cancling Key Management Tasks
- New Onboarding
- Configuring Active Biometric Authorization
See the use cases for more examples.