Before you begin
We offer a free service which allows the authentication of up to 10 users per month for a single app, this does not mean you cannot register more than 10 users, but it will mean only the first 10 users per month will be authenticated.
This will get you started and give you a feel of using the OASIS OTP service. If you are satisfied and wish to roll out to more users you can enter your billing information on your profile page, this will remove all restrictions, meaning unlimited users and unlimited apps.
We like to keep things simple, we charge £1 per authenticated user per month, with a 10% discount per 1000 users authenticated up to 4000 users, the more users authenticated the more you save.
We only charge for users who are authenticated, so if you register 1000 users but only 15 use the service you will be charged £15 in that month.
One Time Passcodes
There are a number of one-time passcodes apps available on various mobile app stores, an example is the Google Authenticator app, if you do not already have a preferred app we recommend you download this before you start.
Getting started with OASIS OTP is simple, sign up for free at https://oasis.oliveinnovations.com, our free plan offers integration for up to 10 users and a single app without the need to provide any billing information.
Before you complete your registration please have your one-time passcode mobile app such as google authenticator at the ready, this will allow you to scan your QR code to be able to generate the one-time passcode.
Complete the registration at https://oasis.oliveinnovations.com, you will be emailed a registration link, click this link, scan the QR code, enter the one-time passcode and you’re done.
When registering the Full Name will appear as the Issuer Name in the one-time passcode app, you may wish to register the full name as your company.
What’s next? Now you registered check out our Administration guide to learn about apps, users, gateways and how it all works together to help your secure your systems.
Accessing the Admin Console
Login to the admin console at https://oasis.oliveinnovations.com using your login details. If you are an administrator for an organisation but not the primary registered user, you will have a unique link that would have been emailed to you separately.
Your dashboard is a simple overview of current configuration, usage, billing and reporting.
The information on the dashboard shows the number of active Applications, User Group count, User count, Gateway count, Log count, Administrator count and Billable user count.
Dashboard: Return to the dashboard and view current summary.
Your Profile: Upload your logo for customisation, change your password and manage billing information.
Settings: Logging and locking information, one-time passcode generation details and custom email settings.
Applications: Manage applications, this is key to the system as applications contain the service information and access policies for services you wish to secure.
User Groups: Manage user groups, this allows you to create groups of applications that can be assigned to users.
Users: Manage users, assign users to groups, manage user registration and status.
Gateways: Configuration of Radius gateways, active directory synchronisation.
Log: View log activity including authentication failures.
Administrators: Grant access to registered users to allow them to manage your system.
Billing: Information about current usage, historic usage and view invoices.
We suggest that before you begin you check out the Settings and Your Profile, this allows you to customise your users experience and some settings cannot be changed once you have registered users.
Firstly, you can update your basic profile information and administer your registration account.
Full Name: This is the displayed in the authenticator app, this is known as the Issuer Name, this should be your company name if you are an organisation or it can be your name if you are using our platform as an individual.
Registration QR Code: in the event you need to reinstall your authenticator app you can login using your emergency code, and use click this button to display the QR code to reregister your device in the authenticator app.
Change Password: As it says, you can change your password.
Upload Logo: If you want to customise your users experience you can upload your own logo and it will be included on any email communication. The logo should be jpg format, approximately 150px x 150px.
If you wish to remove user and app restrictions, you need to complete your billing information.
Complete the billing address information and card details, we do not store your card details we use a 3rd party service provider, www.stripe.com, rest assured your details are safe and secure.
If you are a large corporate user and would prefer to be pay by any other method than card please contact us at firstname.lastname@example.org
These are categorised in three sections, locking and reporting, one-time passcode details and email customisation.
Lock user after failed authentication attempts: Specify the number of times a user can enter incorrect one-time passcodes concurrently before the user account is locked.
Lock user for number of minutes: The number of minutes the user is locked for, after this period the user can attempt authentication again.
Email administrator when a login attempt fails: If the administrator should be email when a user is locked because of consecutive number of failed login attempts.
Keep log for number of days: The number of days to keep the activity logs for.
One-time passcode length: The length of the numeric passcode that should be generated, currently the google authenticator app only supports 6 digits.
Duration in seconds the one-time passcode is valid for: The one-time passcode change regularly, this allows you to specify the duration between changes, currently the google authenticator app only supports 30 seconds.
Send emails from: If you wish to customise who the emails to your users come from you can specify your email address, please note though that developments in email security mean that certain actions need to be completed to ensure delivery.
The core to the OASIS integration is Applications, these allow you to generate Application Keys to be used when using our services for authentication.
Name: An identifier within OASIS for the application.
Allow users set to bypass to authenticate: When enabled any user who is set to bypass authentication will not be prompted to input a one-time passcode and will able to access the application (subject to applications default authentication being successful).
Allow access to users not enrolled: This setting is the same as allowing users set to bypass to authenticate with the exception that if the user is has not completed the registered process, they will be granted access to the application subject to the default authentication method of the application being successful.
Application Key: When setting up services for one-time passcode authentication you will need to provide the application ID, key and API key for the application, this button allows you to view this information for the application
Restriction to applications is based on user groups, users who are not members of a user group allowed access to an application will not be granted access regardless of state,
ID: A unique numeric identifier for the group, this is required if you use the API’s to manage user groups.
Name: An identifier for the group.
Map To Directory Group: If you plan to synchronise an external directory with OASIS this will map the external directory group to the OASIS user group.
Applications: A list of applications the user group has been granted access to.
Administration of the users of the platform regardless of user creation method.
When creating a new user, it is possible to send the user a registration email directly from the platform.
Username: The username to authenticate.
Full name: Name of the user.
Email: Email address of the user, this is used to send the user registration Email.
Status: Pending Registration, user has not yet completed registration. Active, user has completed registration and is active, Locked, user has failed concurrent authentication attempts and is locked and Bypass, user can bypass authentication for applications that allow bypass. It is possible to change the user status.
Resend Enrolment Email: Resend the user enrollment email in case the details have been lost, this will invalidate the users current configuration and they will need to complete registration again.
User Groups: The user groups the user is a member of, this will grant access to all applications of the user groups.
User is an OASIS administrator for your account: Selecting this option and saving the user will enable the user to administer your OASIS services on your behalf, they will be invited via email and will have to accept before they can login to your account.
We provide a gateway application (available in the download area) to be installed locally on your network, this is optional but provides a directory synchronisation service and a radius service to provide radius authentication if required.
Hosts: List of hosts where the service is installed, hosts are self-registering.
Directory Sync: Specifies the host is responsible for the synchronisation of a directory, it is advised that only a single host is enabled for this to prevent deadlock situation.
Radius Server: Enables the selected hosts radius authentication services, multiple hosts can be defined as radius servers.
Configure Directory Import: Enter the information required to perform directory synchronisation. Information includes the directory server to synchronise with, the primary directory group used to identify which users should be synchronised (only users in this group will be synchronised), the time each day to perform synchronisation and a directory username and password to use for access. This configuration is automatically pushed to the gateway specified as a directory sync host.
Request Directory Import: Force the gateway host which is configured as the directory sync host to perform a directory synchronisation immediately.
Gateway Key: View the confirmation settings required at time of gateway installation to enable to gateway to register itself.
Radius Network Access Service: A list of applications that provide authentication via the radius services, a radius endpoint is a device which supports radius authentication and is identified by its IP address, multiple endpoints can be associated with the same application.
Shared Secret: View the shared secure for the endpoint, this information is entered in the radius Client and is used for authentication purposes.
View activity and authentication errors that have occurred.
Lists all users who are enabled as administrators for your account, they will have full access to all areas. The administrator’s area also has the link which is distributed to the administrators where they can access your unique administration area. This applies only to users and not the primary registered user who setup the account.
Information about your current service usage, the number of current users including those that may be billable, the charges incurred so far in the current month, as history of usage for the last 12 months and a list of past invoices including payment status.