nasdaqomx

Two Factor Authentication - 2FA

What is 2FA (Two-Factor Authentication)?

A common user authentication method is the usage of username and password ("something you know"). Adding an additional authentication method, for example a code created by a device ("something you have"), creates an extra security layer. The combination of these two is called 2FA (two-factor authentication).

More information regarding 2FA can be found on our external provider's home page.



Implementation of 2FA to Nasdaq web applications

In order to streamline the login procedure for our customers (Single Sign-On), Nasdaq will implement 2FA (two-factor authentication) for all our web-based applications. The first web systems to adopt 2FA were CMS Web and TRACK, and we are now about to start the next phase, the implementation of 2FA for NFM. Other web applications will follow.

The 2FA solution to be implemented is provided by SafeNet and can be used on smartphones, tablets or computers. Once 2FA implementation is completed, users will be authenticated with username, password and a one-time passcode generated by the SafeNet MobilePASS app.

(Web applications that use 2FA from other providers will continue to use those until further notice, until they are migrated to the SafeNet solution.)

 

Important!

All customers need to decide what device(s) should be used and prepare these for the MobilePASS app/software and token installation. For easy and trouble-free usage we recommend the use of smartphones, but local software installations are also possible.

  • Smartphones/Tablets – Download the app SafeNet MobilePASS from your Apple App Store, Blackberry AppWorld or the Android Play Store
  • Desktop computers – Download the applicable SafeNet MobilePASS from SafeNet's webpage

Before downloading any app/software, please consult with your IT-department for the internal company policies that may apply!

NOTE: The initial installation of MobilePASS app/software requires local administrative privileges. If the end user is not allowed to download the app/software, please make it available on the verified platform.
After the installation has been completed, the usage of the app does not require administrative privileges.


NOTE: After the MobilePASS app/software has been successfully installed, the token required for the completion of installation will be provided by Nasdaq only if you have a valid CMS Web/TRACK/NFM user account.

 

Timeline

Timeline for the implementation of SafeNet's 2FA solution to Nasdaq web applications:

System       | Enrollment start | Enrollment completed
CMS Web      | October 6, 2016  | December 2, 2016
TRACK        | January 25, 2017 | March 10, 2017
NFM          | March, 2017      | June, 2017
Q-Port       | June 12, 2017    | October 27, 2017
MemberPortal | TBA              | TBA
...

 

Preparatory steps

The following preparatory steps are recommended before the enrollment period for the web system in question starts:

1.    Identify the system Administrator(s) within your company

2.    Identify the system users within your company

3.   System Administrator(s) should inform all the system users of the upcoming change and the enrollment process

4.   The Administrator needs to ensure that all user accounts are individual. All potentially shared accounts need to be changed or removed. With the new 2FA Single Sign-On solution, the use of shared email addresses will be strongly discouraged.

NOTE: Only use e-mail addresses that are owned by you as a member; do not use shared or generic email addresses such as username@gmail.com or user.name@hotmail.com

5.    Decide which device should be used for each user, and prepare these for the MobilePASS app/software and token installation (use of smartphones is the recommended option)

  •     Smartphones/Tablets – Download the app SafeNet MobilePASS from Apple App Store, Blackberry AppWorld or the Android Play Store
  •     Desktop computers – Download the applicable SafeNet MobilePASS from SafeNet's webpage

NOTE: The initial installation of MobilePASS app/software requires local administrative privileges. If the end user is not allowed to download the app/software, please make it available on the verified platform.
After the installation has been completed, the usage of the app does not require administrative privileges.


NOTE: After the MobilePASS app/software has been successfully installed, the token required for the completion of installation will be provided by Nasdaq only if you have a user account in the system in question.

 

Enrollment step-by-step

Enrollment process

- When the enrollment period starts, existing CMS Web/TRACK/NFM users will be requested to enroll as part of the standard login procedure to the application in question. New users will be taken directly to the enrollment procedure when attempting to log in for the first time.

- For Q-Port users, the enrollment procedure will be enabled by request. Click on the URL link specified in the e-mail received and follow steps 2 and 6-10 below.


Below is a step-by-step guide for 2FA enrollment. (For users with multiple accounts, please see "2FA Installation Guide for CMS Web/TRACK/NFM/Q-Port" in the Related Content box to the right.)


1.    When the enrollment period starts, all users will be prompted with "Important information!" when attempting to log in to CMS Web/TRACK/NFM using User name and Password. Choose "Register Now" in order to proceed with 2FA enrollment.
(NOTE: If you don't want to enroll at this time, choose "Continue to CMS Web/TRACK/NFM" instead. This option can be chosen a maximum of ten times, until the end of the enrollment period. After that, enrollment to 2FA is mandatory.)

2.    In the "2FA Registration" window, choose "Set up new 2FA account"

3.    In the "2FA Registration - Credentials 1(2)" window, verify the pre-filled information and correct if needed, then "Proceed to account initialization"

4.    In the "2FA Registration - Credentials 2(2)" window, choose "Continue account initialization"

5.    As stated in the "2FA Registration - Credentials 2(2)" window, an e-mail has been sent to the e-mail address specified in step 3 above. Click on the link provided in this e-mail

6.    In the "2FA Registration - Password 1(2)" window, create a new password for your 2FA account, then "Proceed with account initialization"

7.    In the "2FA Registration - Password 2(2)" window, re-enter the password, then "Complete account initialization"

8.    As stated in the "2FA Registration - Completion" window, an e-mail has been sent to the e-mail address specified in step 3 above. Click on the URL link specified in this e-mail on the device where the token should be enrolled

  • If not previously done, the MobilePASS app should be installed at this point. Click “Download MobilePASS Installer (.msi)”.
    NOTE: Before downloading any app/software, please consult with your IT-department for the internal company policies that may apply!
    NOTE: Administrator rights are required. Ask your IT department for assistance, if needed.
  • Once the MobilePASS app has been installed, choose “Enroll your MobilePASS token”

9.    MobilePASS token enrollment:

  • If you are prompted to choose a method for enrolling the token, choose the “Auto Enrollment” option
  • In the “Create New Token” view, set a token name, e.g. “Nasdaq Token”
  • In the “Set a Token PIN” view, set a new PIN code for your token (6 digits)
  • Re-enter the Token PIN
  • The first generated Passcode appears now in the window. This can be used directly to log in to CMS Web/TRACK/NFM/Q-Port
    NOTE: A passcode is only valid for 60 seconds; after that, a new one will be generated.

10.   An e-mail stating that the 2FA registration has been completed will be sent to you. This e-mail contains a link to be used from now on to log in to 2FA and thereby reach CMS Web/TRACK/NFM/Q-Port.



After the token enrollment has been completed, CMS Web/TRACK/NFM/Q-Port will be accessed via the "Two-Factor Authentication" window, by providing your User Name, the 2FA password set during the enrollment process, and the Passcode generated by your SafeNet MobilePASS app.

NOTE: Old CMS Web/TRACK/NFM passwords should not be used after the enrollment of 2FA has been completed.
 
